From 1fba80bbbe0269d89263eff8583cc2ea73dcb1df Mon Sep 17 00:00:00 2001 From: Update third-party rules <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 5 Nov 2025 00:25:58 +0000 Subject: [PATCH] Update third-party rules as of 2025-11-05 --- .../2023.3CX/libffmpeg.change_decrease.mdiff | 6 +- .../2023.3CX/libffmpeg.change_increase.mdiff | 6 +- tests/macOS/2023.3CX/libffmpeg.dirty.mdiff | 6 +- tests/macOS/2023.3CX/libffmpeg.increase.mdiff | 6 +- .../2024.aspdasdksa2/callback.bat.json | 4 +- third_party/yara/YARAForge/RELEASE | 2 +- .../yara/YARAForge/yara-rules-full.yar | 26623 ++++++++-------- 7 files changed, 13633 insertions(+), 13020 deletions(-) diff --git a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff index 1f68eb0f3..355dc80b3 100644 --- a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff @@ -5,9 +5,9 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | -CRITICAL | [3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16) | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| -CRITICAL | [3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275) | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | -| -CRITICAL | [3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214) | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| -CRITICAL | [3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xor_hunting.yar#L2-L25) | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | +| -CRITICAL | [3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275) | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | +| -CRITICAL | [3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214) | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| -CRITICAL | [3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xor_hunting.yar#L2-L25) | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | | -CRITICAL | [3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/c24b8d9bea44ac757193a3152b1fd9dbf34fe503/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50) | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | -CRITICAL | [anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla) | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | -CRITICAL | [impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl) | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) | diff --git a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff index 52df07ba3..2d5e8d18a 100644 --- a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff @@ -5,9 +5,9 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | +CRITICAL | **[3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | -| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | +| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | +| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | | +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/c24b8d9bea44ac757193a3152b1fd9dbf34fe503/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) | diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff index 52df07ba3..2d5e8d18a 100644 --- a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff @@ -5,9 +5,9 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | +CRITICAL | **[3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | -| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | +| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | +| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | | +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/c24b8d9bea44ac757193a3152b1fd9dbf34fe503/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) | diff --git a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff index 52df07ba3..2d5e8d18a 100644 --- a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff @@ -5,9 +5,9 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | +CRITICAL | **[3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | -| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | +| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$op1`
`$op2`
`$sa1`
`$sa2` | +| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xo1` | | +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/c24b8d9bea44ac757193a3152b1fd9dbf34fe503/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[flock](https://github.com/search?q=flock&type=code)
[popen](https://github.com/search?q=popen&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[rand](https://github.com/search?q=rand&type=code) | diff --git a/tests/windows/2024.aspdasdksa2/callback.bat.json b/tests/windows/2024.aspdasdksa2/callback.bat.json index 6d641636c..2b7ecd622 100644 --- a/tests/windows/2024.aspdasdksa2/callback.bat.json +++ b/tests/windows/2024.aspdasdksa2/callback.bat.json @@ -12,11 +12,11 @@ ], "RiskScore": 4, "RiskLevel": "CRITICAL", - "RuleURL": "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_susp.yar#L52-L91", + "RuleURL": "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_susp.yar#L52-L91", "ReferenceURL": "Internal%20Research", "RuleAuthor": "Florian Roth (Nextron Systems)", "RuleLicense": "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE", - "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE", + "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE", "ID": "3P/sig_base/powershell_webdownload", "RuleName": "SIGNATURE_BASE_Suspicious_Powershell_Webdownload_1" }, diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE index befd73573..23733dc65 100644 --- a/third_party/yara/YARAForge/RELEASE +++ b/third_party/yara/YARAForge/RELEASE @@ -1 +1 @@ -20251102 +20251104 diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index 909222064..570e9239f 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar 
@@ -12,16 +12,16 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2025-11-02 - * Number of Rules: 11414 - * Skipped: 0 (age), 231 (quality), 8 (score), 0 (importance) + * Creation Date: 2025-11-04 + * Number of Rules: 11426 + * Skipped: 0 (age), 226 (quality), 8 (score), 0 (importance) */ -import "hash" +import "console" import "math" import "elf" -import "console" import "pe" +import "hash" import "dotnet" @@ -29,9 +29,9 @@ import "dotnet" * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2025-11-02 - * Git Commit: af35d842f569bd9f726a9a77f947dda7763f87ec - * Number of Rules: 1238 + * Retrieval Date: 2025-11-04 + * Git Commit: e0a0be54aa1e11ccfd6854e4f19e9476f328fd84 + * Number of Rules: 1240 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) * * @@ -66,8 +66,8 @@ rule REVERSINGLABS_Win32_Infostealer_Multigrainpos : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win32.Infostealer.MultigrainPOS.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9808c95b850a54677c4132057b8372cabf0159920b7e0e6834a83f0d39c088fa" score = 75 quality = 90 
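Review bot: In the `@@ -12,16 +12,16 @@` hunk of yara-rules-full.yar, `import "hash"` and `import "console"` only trade places; no module is added or dropped. The import list seems to be written in an unstable order, which adds noise to an already very large generated diff. Suggest sorting the imports before the file is written, so this block changes only when the set of imported modules changes. The header counts in the same hunk (Number of Rules 11414 to 11426, quality skips 231 to 226) are the part worth checking on each sync.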
@@ -150,8 +150,8 @@ rule REVERSINGLABS_Win32_Infostealer_Projecthookpos : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara#L1-L98" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win32.Infostealer.ProjectHookPOS.yara#L1-L98" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7534c9e905256aaf80f04b746a92c50689437b288f7e393ef13fde1740c4a4e" score = 75 quality = 90 @@ -245,8 +245,8 @@ rule REVERSINGLABS_Win32_Infostealer_Lumarstealer : TC_DETECTION MALICIOUS MALWA date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/Win32.Infostealer.LumarStealer.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win32.Infostealer.LumarStealer.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0bc9e12396b1e85f69b965e9ea50960c59c50aba40317fb4de8f6abd092ec7d2" score = 75 quality = 90 
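Review bot: The `source_url` and `license_url` values in the `@@ -150,8 +150,8 @@` and `@@ -245,8 +245,8 @@` hunks (and in the `@@ -66,8 +66,8 @@` hunk before them) contain a doubled slash, `reversinglabs-yara-rules//blob/`, on both the old and the new side. The rule-set header gives the repository as `https://github.com/reversinglabs/reversinglabs-yara-rules/` with a trailing slash, which is the likely source once `/blob/` is appended. These fields are what an analyst follows from a hit back to the rule source, and anything that compares or de-duplicates rule URLs as strings will treat the two forms as different, so the trailing slash should be trimmed on import or reported upstream. `logic_hash` is an unchanged context line in each of these hunks, which confirms they are provenance-only updates.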
@@ -411,6 +411,189 @@ rule REVERSINGLABS_Win32_Infostealer_Lumarstealer : TC_DETECTION MALICIOUS MALWA condition: uint16( 0 ) == 0x5A4D and ( all of ( $collect_os_information_p* ) ) and ( all of ( $send_data_to_c2_p* ) ) and ( all of ( $find_files_p* ) ) and ( all of ( $find_crypto_wallets_* ) ) } +rule REVERSINGLABS_Win64_Infostealer_Weaselstore : TC_DETECTION MALICIOUS MALWARE FILE +{ + meta: + description = "Yara rule that detects WeaselStore infostealer." + author = "ReversingLabs" + id = "d8800cda-3043-5156-9de2-9eb7b5a2779f" + date = "2025-11-03" + modified = "2025-11-03" + reference = "ReversingLabs" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win64.Infostealer.WeaselStore.yara#L1-L198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" + logic_hash = "8311ffe7337a52c9ae67c184c59d5a7e142ded5a2859559a9b76febd4c5dec66" + score = 75 + quality = 90 + tags = "TC_DETECTION, MALICIOUS, MALWARE, FILE" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + tc_detection_type = "Infostealer" + tc_detection_name = "WeaselStore" + tc_detection_factor = 5 + importance = 25 + + strings: + $spawn_shell_p1 = { + 4C 8D A4 24 ?? ?? ?? ?? 4D 3B 66 ?? 0F 86 ?? ?? ?? ?? 55 48 89 E5 48 81 EC ?? ?? ?? + ?? 48 89 84 24 ?? ?? ?? ?? 66 44 0F D6 BC 24 ?? ?? 00 00 C6 44 24 ?? ?? 44 0F 11 BC + 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 44 0F 11 BC 24 ?? ?? ?? ?? 48 85 + DB 0F 86 ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? ?? 48 89 84 24 ?? + ?? ?? ?? 48 8B 18 48 8B 48 ?? 48 8D 44 24 ?? 90 E8 ?? ?? ?? ?? 48 8B 94 24 ?? ?? ?? + ?? 48 83 FA ?? 0F 86 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 + 8B 94 24 ?? ?? ?? ?? 48 8B 5A ?? 48 8B 4A ?? 48 8D 44 24 ?? 0F 1F 40 ?? E8 ?? ?? ?? + ?? B9 ?? ?? ?? ?? BF ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 94 24 ?? ?? ?? ?? 0F 1F 40 ?? 
+ 48 83 FA ?? 0F 86 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 8B 94 24 ?? ?? ?? ?? 48 8B + 5A ?? 48 8B 4A ?? 31 C0 E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? + ?? 48 8B 94 24 ?? ?? ?? ?? 48 83 C2 ?? 48 F7 DA 48 C1 FA ?? 83 E2 ?? 48 8B B4 24 ?? + ?? ?? ?? 48 01 F2 48 89 94 24 ?? ?? ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 48 83 C1 ?? 48 89 + 8C 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? 48 89 CB E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? + ?? 48 8B 94 24 ?? ?? ?? ?? 31 C9 EB ?? 48 89 04 11 48 8B 94 24 ?? ?? ?? ?? 48 83 C2 + ?? 4C 8D 46 ?? 48 89 C8 4C 89 C1 48 8B B4 24 ?? ?? ?? ?? 0F 1F 44 00 ?? 48 39 F1 7D + ?? 48 89 8C 24 ?? ?? ?? ?? 48 89 94 24 ?? ?? ?? ?? 48 8B 1A 48 8B 4A ?? 31 C0 66 90 + E8 ?? ?? ?? ?? 48 8B 94 24 ?? ?? ?? ?? 48 89 D6 48 C1 E2 ?? 48 8B 8C 24 ?? ?? ?? ?? + 48 89 5C 11 ?? 83 3D ?? ?? ?? ?? ?? 74 ?? E8 ?? ?? ?? ?? 49 89 03 4C 8B 04 11 4D 89 + 43 ?? E9 ?? ?? ?? ?? 48 8B 94 24 ?? ?? ?? ?? 48 83 FA ?? 0F 85 ?? ?? ?? ?? 48 8B 94 + } + $spawn_shell_p2 = { + 24 ?? ?? ?? ?? 81 3A ?? ?? ?? ?? 90 0F 85 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? 48 8D 1D + ?? ?? ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 0F 1F 40 ?? E8 ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? + ?? C6 44 24 ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 48 8B BC 24 ?? ?? ?? ?? 48 8B B4 24 ?? ?? + ?? ?? 4C 8B 84 24 ?? ?? ?? ?? 4D 89 C1 E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 90 48 85 FF 0F + 84 ?? ?? ?? ?? 48 89 B4 24 ?? ?? ?? ?? 48 89 BC 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? + E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? C7 00 ?? ?? ?? ?? C6 40 ?? ?? 48 8B 8C 24 ?? + ?? ?? ?? 48 8B 49 ?? 48 8B 84 24 ?? ?? ?? ?? FF D1 48 89 D9 48 89 C3 31 C0 E8 ?? ?? + ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 8D + 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? ?? 83 3D + ?? ?? ?? ?? ?? 75 ?? 48 8B 8C 24 ?? ?? ?? ?? 48 8B 9C 24 ?? ?? ?? ?? EB ?? E8 ?? ?? + ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 49 89 0B 48 8B 9C 24 ?? ?? ?? ?? 49 89 5B ?? 48 89 08 + 48 8B 8C 24 ?? ?? ?? ?? 48 89 48 ?? 48 8B 8C 24 ?? ?? ?? ?? 48 89 48 ?? 
48 89 58 ?? + 48 8D 0D ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 + 89 84 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? + ?? ?? ?? C6 44 24 ?? ?? 48 8B 94 24 ?? ?? ?? ?? 48 8B 02 FF D0 48 8B 84 24 ?? ?? ?? + ?? 48 8B 8C 24 ?? ?? ?? ?? 48 8B BC 24 ?? ?? ?? ?? 48 8B 9C 24 ?? ?? ?? ?? 48 8B B4 + } + $spawn_shell_p3 = { + 24 ?? ?? ?? ?? 48 81 C4 ?? ?? ?? ?? 5D C3 48 89 8C 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? + ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? + ?? ?? C7 00 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? 0F 1F 44 00 ?? E8 ?? ?? ?? ?? 48 C7 40 + ?? ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? ?? 83 3D ?? ?? ?? ?? ?? 75 ?? 48 8B 8C 24 ?? ?? + ?? ?? 48 8B 9C 24 ?? ?? ?? ?? EB ?? E8 ?? ?? ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 49 89 0B + 48 8B 9C 24 ?? ?? ?? ?? 49 89 5B ?? 48 89 08 48 8B 8C 24 ?? ?? ?? ?? 48 89 48 ?? 48 + 8B 8C 24 ?? ?? ?? ?? 48 89 48 ?? 48 89 58 ?? 48 8D 0D ?? ?? ?? ?? 48 89 8C 24 ?? ?? + ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? + ?? ?? ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? C6 44 24 ?? ?? 48 8B 94 24 ?? + ?? ?? ?? 48 8B 02 FF D0 48 8B 84 24 ?? ?? ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 48 8B BC 24 + ?? ?? ?? ?? 48 8B 9C 24 ?? ?? ?? ?? 48 8B B4 24 ?? ?? ?? ?? 48 81 C4 ?? ?? ?? ?? 5D + C3 48 8B 9C 24 ?? ?? ?? ?? 48 89 C1 48 89 F7 48 8B 84 24 ?? ?? ?? ?? 90 E8 ?? ?? ?? + ?? E8 ?? ?? ?? ?? 48 85 C0 0F 84 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? ?? 48 89 84 24 ?? + ?? ?? ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? C7 00 ?? ?? ?? + ?? C6 40 ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 48 8B 49 ?? 48 8B 84 24 ?? ?? ?? ?? FF D1 48 + 89 D9 48 89 C3 31 C0 90 E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? + ?? 48 89 8C 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? + ?? 48 C7 40 ?? ?? ?? ?? ?? 83 3D ?? ?? ?? ?? ?? 75 ?? 48 8B 94 24 ?? ?? ?? ?? 4C 8B + } + $spawn_shell_p4 = { + 84 24 ?? ?? ?? ?? EB ?? E8 ?? ?? ?? ?? 
48 8B 94 24 ?? ?? ?? ?? 49 89 13 4C 8B 84 24 + ?? ?? ?? ?? 4D 89 43 ?? 48 89 10 48 8B 94 24 ?? ?? ?? ?? 48 89 50 ?? 48 8B 94 24 ?? + ?? ?? ?? 48 89 50 ?? 4C 89 40 ?? 48 8D 15 ?? ?? ?? ?? 48 89 94 24 ?? ?? ?? ?? 48 C7 + 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? + ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 8B 84 24 ?? ?? ?? ?? 48 8B 8C 24 ?? ?? + ?? ?? 48 8B 9C 24 ?? ?? ?? ?? BF ?? ?? ?? ?? 48 89 FE 48 81 C4 ?? ?? ?? ?? 5D C3 48 + 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? C7 00 ?? ?? ?? ?? 48 8B 9C + 24 ?? ?? ?? ?? 48 89 D9 48 8D 3D ?? ?? ?? ?? BE ?? ?? ?? ?? 48 8B 84 24 ?? ?? ?? ?? + E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? ?? 44 0F 11 BC 24 ?? ?? + ?? ?? 44 0F 11 BC 24 ?? ?? ?? ?? 48 8B 84 24 ?? ?? ?? ?? 48 8B 9C 24 ?? ?? ?? ?? E8 + ?? ?? ?? ?? 48 8D 0D ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 + 8B 84 24 ?? ?? ?? ?? 48 8B 9C 24 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8D 0D ?? ?? ?? ?? 48 + 89 8C 24 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? BB ?? ?? ?? ?? 48 + 8D 8C 24 ?? ?? ?? ?? BF ?? ?? ?? ?? 48 89 FE E8 ?? ?? ?? ?? 48 89 D9 48 89 C3 31 C0 + E8 ?? ?? ?? ?? 48 89 84 24 ?? ?? ?? ?? 48 89 9C 24 ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? + ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? + ?? 83 3D ?? ?? ?? ?? ?? 75 ?? 48 8B 94 24 ?? ?? ?? ?? 4C 8B 84 24 ?? ?? ?? ?? EB ?? + E8 ?? ?? ?? ?? 48 8B 94 24 ?? ?? ?? ?? 49 89 13 4C 8B 84 24 ?? ?? ?? ?? 4D 89 43 ?? + 48 89 10 48 8B 94 24 ?? ?? ?? ?? 48 89 50 ?? 48 8B 94 24 ?? ?? ?? ?? 48 89 50 ?? 4C + 89 40 ?? 48 8D 15 ?? ?? ?? ?? 48 89 94 24 ?? ?? ?? ?? 48 C7 84 24 + } + $gather_chrome_cookies = { + 49 3B 66 ?? 0F 86 ?? ?? ?? ?? 55 48 89 E5 48 83 EC ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? + ?? ?? 48 89 44 24 ?? 44 0F 11 7C 24 ?? 48 C7 44 24 ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? 44 + 0F 11 7C 24 ?? 48 8D 0D ?? ?? ?? ?? 48 89 4C 24 ?? 48 8D 4C 24 ?? 48 89 4C 24 ?? 48 + 8D 4C 24 ?? E8 ?? ?? ?? ?? 48 8B 4C 24 ?? 
48 8B 7C 24 ?? 48 8B 74 24 ?? 48 8D 05 ?? + ?? ?? ?? 48 8B 5C 24 ?? 41 B8 ?? ?? ?? ?? 66 90 E8 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? + BB ?? ?? ?? ?? 48 89 D9 E8 ?? ?? ?? ?? 48 89 44 24 ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? + ?? ?? C7 00 ?? ?? ?? ?? 48 8B 4C 24 ?? 48 C7 41 ?? ?? ?? ?? ?? 48 C7 41 ?? ?? ?? ?? + ?? 83 3D ?? ?? ?? ?? ?? 74 ?? E8 ?? ?? ?? ?? 49 89 03 48 8B 11 49 89 53 ?? 48 89 01 + 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 B9 ?? ?? ?? ?? ?? ?? ?? ?? 48 89 08 48 B9 ?? + ?? ?? ?? ?? ?? ?? ?? 48 89 48 ?? 48 8B 4C 24 ?? 48 C7 41 ?? ?? ?? ?? ?? 48 C7 41 ?? + ?? ?? ?? ?? 83 3D ?? ?? ?? ?? ?? 74 ?? E8 ?? ?? ?? ?? 49 89 03 48 8B 51 ?? 49 89 53 + ?? 48 89 41 ?? 48 8B 54 24 ?? 4C 8B 42 ?? 48 8B 42 ?? 49 39 C0 72 ?? 4C 8B 0A 48 8B + 52 ?? 48 29 C2 49 29 C0 4C 89 41 ?? 48 89 51 ?? 48 F7 DA 48 C1 FA ?? 48 21 D0 49 8D + 14 01 83 3D ?? ?? ?? ?? ?? 74 ?? E8 ?? ?? ?? ?? 49 89 13 4C 8B 41 ?? 4D 89 43 ?? 48 + 89 51 ?? 48 8D 05 ?? ?? ?? ?? BB ?? ?? ?? ?? BF ?? ?? ?? ?? 48 89 FE 48 83 C4 ?? 5D + C3 + } + $change_chrome_profile_p1 = { + 4C 8D 64 24 ?? 4D 3B 66 ?? 0F 86 ?? ?? ?? ?? 55 48 89 E5 48 81 EC ?? ?? ?? ?? 48 C7 + 44 24 ?? ?? ?? ?? ?? 44 0F 11 7C 24 ?? E8 ?? ?? ?? ?? 44 0F 11 BC 24 ?? ?? ?? ?? 48 + 8D 0D ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 8D 4C 24 ?? 48 89 8C 24 ?? ?? ?? ?? 48 + 8D 8C 24 ?? ?? ?? ?? 0F 1F 44 00 ?? E8 ?? ?? ?? ?? 44 0F 11 BC 24 ?? ?? ?? ?? 44 0F + 11 BC 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? 48 89 + 84 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? 48 89 84 + 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? BB ?? ?? ?? ?? 48 8D 8C 24 ?? ?? ?? ?? BF ?? ?? + ?? ?? 48 89 FE E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 31 C0 48 8D 1D ?? ?? ?? ?? B9 ?? ?? ?? + ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 44 24 ?? 48 8B 4C 24 ?? 48 8B 54 24 ?? EB ?? + 48 8B 8C 24 ?? ?? ?? ?? 48 83 C1 ?? 48 8B 54 24 ?? 48 FF CA 48 8B 44 24 ?? 48 85 D2 + 0F 8E ?? ?? ?? ?? 48 89 54 24 ?? 48 89 8C 24 ?? ?? ?? ?? 48 8B 01 48 89 44 24 ?? 48 + 8B 59 ?? 
48 89 5C 24 ?? 0F 1F 40 ?? E8 ?? ?? ?? ?? 48 85 DB 75 ?? 48 89 44 24 ?? 48 + 8D 1D ?? ?? ?? ?? B9 ?? ?? ?? ?? 0F 1F 44 00 ?? E8 ?? ?? ?? ?? 84 C0 74 ?? 48 8B 44 + } + $change_chrome_profile_p2 = { + 24 ?? 48 8D 1D ?? ?? ?? ?? 48 8B 4C 24 ?? 48 8D 3D ?? ?? ?? ?? BE ?? ?? ?? ?? E8 ?? + ?? ?? ?? 48 8D 05 ?? ?? ?? ?? BB ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8D 1D ?? ?? ?? ?? 48 + 89 C1 48 8D 3D ?? ?? ?? ?? BE ?? ?? ?? ?? 48 8B 44 24 ?? E8 ?? ?? ?? ?? 48 8B 44 24 + ?? E8 ?? ?? ?? ?? 48 89 DF 48 89 CE 41 B8 ?? ?? ?? ?? 48 8B 5C 24 ?? 48 89 C1 48 8B + 44 24 ?? 90 E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 + 44 24 ?? C7 00 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 44 24 ?? 48 B9 + ?? ?? ?? ?? ?? ?? ?? ?? 48 89 08 48 B9 ?? ?? ?? ?? ?? ?? ?? ?? 48 89 48 ?? 48 B9 ?? + ?? ?? ?? ?? ?? ?? ?? 48 89 48 ?? 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 C7 40 ?? ?? + ?? ?? ?? 48 C7 40 ?? ?? ?? ?? ?? 83 3D ?? ?? ?? ?? ?? 66 90 75 ?? 48 8B 54 24 ?? 4C + 8B 44 24 ?? EB ?? E8 ?? ?? ?? ?? 48 8B 54 24 ?? 49 89 13 4C 8B 44 24 ?? 4D 89 43 ?? + 48 89 10 48 C7 40 ?? ?? ?? ?? ?? 48 C7 40 ?? ?? ?? ?? ?? 4C 89 40 ?? BB ?? ?? ?? ?? + 48 89 C1 BF ?? ?? ?? ?? 48 89 FE 48 8D 05 ?? ?? ?? ?? 48 81 C4 ?? ?? ?? ?? 5D C3 + } + $network_communication_p1 = { + 4C 8D 64 24 ?? 4D 3B 66 ?? 0F 86 ?? ?? ?? ?? 55 48 89 E5 48 81 EC ?? ?? ?? ?? 48 89 + 8C 24 ?? ?? ?? ?? 66 44 0F D6 BC 24 ?? ?? 00 00 48 89 84 24 ?? ?? ?? ?? 48 89 9C 24 + ?? ?? ?? ?? C6 44 24 ?? ?? 44 0F 11 7C 24 ?? 44 0F 11 7C 24 ?? 48 85 C9 48 8D 15 ?? + ?? ?? ?? 48 0F 45 D1 48 89 F9 48 89 D0 48 89 CB E8 ?? ?? ?? ?? 48 89 5C 24 ?? 48 89 + 4C 24 ?? 48 89 44 24 ?? 90 48 8D 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 54 24 ?? 48 89 + 50 ?? 48 8B 54 24 ?? 48 89 50 ?? 83 3D ?? ?? ?? ?? ?? 66 90 75 ?? 48 8B 54 24 ?? EB + ?? E8 ?? ?? ?? ?? 48 8B 54 24 ?? 49 89 13 48 89 10 48 8B 15 ?? ?? ?? ?? 90 48 8B 9C + 24 ?? ?? ?? ?? 48 8B 8C 24 ?? ?? ?? ?? 48 8D 3D ?? ?? ?? ?? BE ?? ?? ?? ?? 4C 8D 05 + ?? ?? ?? ?? 49 89 C1 48 89 D0 E8 ?? ?? ?? ?? 
48 85 DB 75 ?? 48 8B 48 ?? 84 01 48 8B + 50 ?? 44 0F 11 BC 24 ?? ?? ?? ?? 48 C7 84 24 ?? ?? ?? ?? ?? ?? ?? ?? 48 8D 35 ?? ?? + ?? ?? 48 89 B4 24 ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 89 94 24 ?? ?? ?? ?? 48 8D + 8C 24 ?? ?? ?? ?? 48 89 8C 24 ?? ?? ?? ?? C6 44 24 ?? ?? 48 8B 48 ?? 48 8B 58 ?? 48 + } + $network_communication_p2 = { + 85 C9 0F 84 ?? ?? ?? ?? 48 8B 51 ?? 48 8B 35 ?? ?? ?? ?? 48 8B 3E 8B 49 ?? E9 ?? ?? + ?? ?? 48 89 8C 24 ?? ?? ?? ?? 48 89 5C 24 ?? 0F 1F 44 00 ?? E8 ?? ?? ?? ?? 48 8D 05 + ?? ?? ?? ?? BB ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 44 24 ?? 48 8B 9C 24 ?? ?? ?? ?? E8 + ?? ?? ?? ?? E8 ?? ?? ?? ?? 44 0F 11 7C 24 ?? 48 8B 4C 24 ?? 48 89 4C 24 ?? 48 8B BC + 24 ?? ?? ?? ?? 48 89 7C 24 ?? 48 8B 44 24 ?? 48 8B 5C 24 ?? 48 81 C4 ?? ?? ?? ?? 5D + C3 48 89 C8 E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 89 D9 48 89 C3 31 C0 E8 ?? ?? ?? ?? 48 + 89 44 24 ?? 48 89 5C 24 ?? 44 0F 11 7C 24 ?? C6 44 24 ?? ?? 48 8B 94 24 ?? ?? ?? ?? + 48 8B 0A FF D1 48 8B 4C 24 ?? 48 8B 44 24 ?? 48 8B 5C 24 ?? 48 8B 7C 24 ?? 48 81 C4 + ?? ?? ?? ?? 5D C3 49 89 C8 48 21 F9 48 C1 E1 ?? 4C 8B 4C 31 ?? 49 39 D1 74 ?? 49 8D + 48 ?? 4D 85 C9 75 ?? 48 89 9C 24 ?? ?? ?? ?? 48 8D 05 ?? ?? ?? ?? 48 89 D3 E8 ?? ?? + ?? ?? 48 8B 9C 24 ?? ?? ?? ?? 48 89 C1 + } + + condition: + uint16( 0 ) == 0x5A4D and ( all of ( $spawn_shell_p* ) ) and ( $gather_chrome_cookies ) and ( all of ( $change_chrome_profile_p* ) ) and ( all of ( $network_communication_p* ) ) +} rule REVERSINGLABS_Win64_Infostealer_Daolpu : TC_DETECTION MALICIOUS MALWARE FILE { meta: 
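Review bot: in the condition that closes this added rule, `all of ( $spawn_shell_p* )` matches each part independently and anywhere in the file, although the parts are one byte run cut mid-instruction: `$spawn_shell_p1` ends `48 8B 94` and `$spawn_shell_p2` opens `24 ?? ?? ?? ??`. Nothing ties the parts to adjacent offsets, so these wildcard-heavy fragments are held together only by the conjunction, and the same applies to `$change_chrome_profile_p*` and `$network_communication_p*`. An offset constraint such as `@spawn_shell_p2 == @spawn_shell_p1 + !spawn_shell_p1` would require contiguity. As the rule comes from a third-party bundle, that suggestion is better raised with the rule's author than applied as a local edit.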
@@ -420,8 +603,8 @@ rule REVERSINGLABS_Win64_Infostealer_Daolpu : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-08-26" modified = "2024-08-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/Win64.Infostealer.Daolpu.yara#L1-L322" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win64.Infostealer.Daolpu.yara#L1-L322" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5ffd0427c6c8e666cfabc48426e7771595a7024548706f37a1de3538e4e2d559" score = 75 quality = 90 @@ -718,8 +901,8 @@ rule REVERSINGLABS_Win64_Infostealer_Skuld : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-06-10" modified = "2025-06-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/Win64.Infostealer.Skuld.yara#L1-L192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win64.Infostealer.Skuld.yara#L1-L192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a927a8bc74e2a6676825b208cd74f1be09cc3bc3aea7f7d54c5d016a330e77c2" score = 75 quality = 90 
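Review bot: the added `source_url` and `license_url` lines still carry a doubled slash in the path (`reversinglabs-yara-rules//blob/e0a0be54…`), copied over unchanged from the removed lines, so the commit-pin bump keeps a malformed link in the rule metadata. If these fields are generated, normalise the repository base URL in the generator (strip the trailing slash before appending `/blob/`) instead of fixing it here by hand. The same pattern repeats in every URL-only hunk of this patch.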
@@ -896,8 +1079,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Infostealer_Gomorrahstealer : TC_DETECTION MALI date = "2024-11-27" modified = "2024-11-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/ByteCode.MSIL.Infostealer.GomorrahStealer.yara#L1-L111" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/ByteCode.MSIL.Infostealer.GomorrahStealer.yara#L1-L111" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "75d86ea2ef9f24487ef54979508170651cd60abba6daa4c3117e20a77bb3b086" score = 75 quality = 90 @@ -993,8 +1176,8 @@ rule REVERSINGLABS_Win32_Infostealer_Stealc : TC_DETECTION MALICIOUS MALWARE FIL date = "2023-06-07" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/infostealer/Win32.Infostealer.StealC.yara#L1-L57" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/infostealer/Win32.Infostealer.StealC.yara#L1-L57" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bea1cf370150387eb185deff726e10e660e7eb571c20d22878def08b36f457bf" score = 75 quality = 90 
@@ -1044,8 +1227,8 @@ rule REVERSINGLABS_Win32_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win32.Backdoor.Konni.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win32.Backdoor.Konni.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7907a657d804d485718ba13bb23513de0b909e7d455c2b3ee193b5329edd3ac6" score = 75 quality = 90 @@ -1219,8 +1402,8 @@ rule REVERSINGLABS_Linux_Backdoor_Pygmygoat : TC_DETECTION MALICIOUS MALWARE FIL date = "2025-01-20" modified = "2025-01-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.PygmyGoat.yara#L1-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.PygmyGoat.yara#L1-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "11e076865bfc72b79ca42ca821e4c1d81ea705f3ba7711be8677b648ada859a1" score = 75 quality = 90 
@@ -1342,8 +1525,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Agentracoon : TC_DETECTION MALICIOUS M date = "2023-12-15" modified = "2023-12-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.AgentRacoon.yara#L1-L128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.AgentRacoon.yara#L1-L128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3ba73f19f59c2e5880df820c52f16997047d7299eb14d421ae2ed8f3790bcfe9" score = 75 quality = 90 @@ -1455,8 +1638,8 @@ rule REVERSINGLABS_Linux_Backdoor_Gobrat : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-03-27" modified = "2025-03-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.GobRAT.yara#L1-L168" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.GobRAT.yara#L1-L168" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ce29568231a4103663f4b478de3210e00e14b14eda7781f05ecf0cf576fc5ad2" score = 75 quality = 90 
@@ -1609,8 +1792,8 @@ rule REVERSINGLABS_Linux_Backdoor_Wolfsbane : TC_DETECTION MALICIOUS MALWARE FIL date = "2025-03-17" modified = "2025-03-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.WolfsBane.yara#L1-L124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.WolfsBane.yara#L1-L124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c2bc992375bfa989c2a18a52e09c551cd6dfefda8fb96e7af4dabfead76e784f" score = 75 quality = 90 
@@ -1715,6 +1898,138 @@ rule REVERSINGLABS_Linux_Backdoor_Wolfsbane : TC_DETECTION MALICIOUS MALWARE FIL condition: uint32( 0 ) == 0x464C457F and ( $load_embedded_library ) and ( all of ( $decrypt_embedded_library_* ) ) and ( all of ( $remove_backdoor_p* ) ) } +rule REVERSINGLABS_Win64_Backdoor_Eggstremefuel : TC_DETECTION MALICIOUS MALWARE FILE +{ + meta: + description = "Yara rule that detects EggStremeFuel backdoor." + author = "ReversingLabs" + id = "ec9d0294-042c-513e-9b7e-1cb9ca812f09" + date = "2025-11-03" + modified = "2025-11-03" + reference = "ReversingLabs" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.EggStremeFuel.yara#L1-L144" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" + logic_hash = "c229cc4357353a8bc1305389e0b4146558ef449498eeb3a9dc118b82895d6e80" + score = 75 + quality = 90 + tags = "TC_DETECTION, MALICIOUS, MALWARE, FILE" + status = "RELEASED" + sharing = "TLP:WHITE" + category = "MALWARE" + tc_detection_type = "Backdoor" + tc_detection_name = "EggStremeFuel" + tc_detection_factor = 5 + importance = 25 + + strings: + $download_file_from_c2 = { + 48 89 5C 24 ?? 55 56 57 48 8D AC 24 ?? ?? ?? ?? B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 2B + E0 48 8B 05 ?? ?? ?? ?? 48 33 C4 48 89 85 ?? ?? ?? ?? 0F 10 02 48 8D 44 24 ?? 48 8B + F9 0F 10 4A ?? B9 ?? ?? ?? ?? 41 B8 ?? ?? ?? ?? 0F 11 00 0F 10 42 ?? 0F 11 48 ?? 0F + 10 4A ?? 0F 11 40 ?? 0F 10 42 ?? 0F 11 48 ?? 0F 10 4A ?? 0F 11 40 ?? 0F 10 42 ?? 0F + 11 48 ?? 0F 11 40 ?? 48 03 C1 0F 10 42 ?? 48 03 D1 48 8D 8D ?? ?? ?? ?? 0F 11 40 ?? + 0F 10 0A 0F 10 42 ?? 0F 11 08 0F 10 4A ?? 0F 11 40 ?? 0F 10 42 ?? 0F 11 48 ?? 0F 10 + 4A ?? 33 D2 0F 11 40 ?? 0F 11 48 ?? E8 ?? ?? ?? ?? 48 8B 44 24 ?? 48 C1 E8 ?? 85 C0 + 75 ?? 48 8D 44 24 ?? 49 83 C8 ?? 49 FF C0 42 80 3C 00 ?? 75 ?? 45 33 C9 48 8D 54 24 + ?? E9 ?? ?? ?? ?? 81 7C 24 ?? ?? ?? ?? 
?? 75 ?? 48 8D 44 24 ?? 49 83 C8 ?? 49 FF C0 + 42 80 3C 00 ?? 75 ?? 41 B9 ?? ?? ?? ?? EB ?? 33 D2 48 8D 4D ?? 41 B8 ?? ?? ?? ?? E8 + ?? ?? ?? ?? 44 8B 44 24 ?? 48 8D 95 ?? ?? ?? ?? 48 8B 8F ?? ?? ?? ?? 45 33 C9 FF 15 + ?? ?? ?? ?? 44 8B 44 24 ?? 8B D8 41 3B C0 7D ?? 48 63 CB 48 8D 95 ?? ?? ?? ?? 48 03 + D1 44 2B C3 48 8B 8F ?? ?? ?? ?? 45 33 C9 FF 15 ?? ?? ?? ?? B9 ?? ?? ?? ?? 8B F0 FF + 15 ?? ?? ?? ?? 85 F6 7F ?? 48 8B CF E8 ?? ?? ?? ?? 48 8B CF E8 ?? ?? ?? ?? 44 8B 44 + 24 ?? 03 DE 41 3B D8 7C ?? 44 89 44 24 ?? 48 8D 97 ?? ?? ?? ?? 41 B8 ?? ?? ?? ?? 4C + 8D 8D ?? ?? ?? ?? 48 8D 4D ?? E8 ?? ?? ?? ?? 44 8B 44 24 ?? 48 8D 95 ?? ?? ?? ?? 41 + B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 8B 8D ?? ?? ?? ?? 48 33 CC E8 ?? ?? ?? ?? 48 8B 9C + 24 ?? ?? ?? ?? 48 81 C4 ?? ?? ?? ?? 5F 5E 5D C3 + } + $upload_file_to_c2 = { + 48 89 5C 24 ?? 48 89 74 24 ?? 55 57 41 56 48 8D AC 24 ?? ?? ?? ?? B8 ?? ?? ?? ?? E8 + ?? ?? ?? ?? 48 2B E0 48 8B 05 ?? ?? ?? ?? 48 33 C4 48 89 85 ?? ?? ?? ?? 48 8B 3D ?? + ?? ?? ?? 45 8B F0 48 8B F2 48 8B 4F ?? 48 85 C9 74 ?? E8 ?? ?? ?? ?? 48 8D 15 ?? ?? + ?? ?? 48 8B CE E8 ?? ?? ?? ?? 48 89 47 ?? 48 8B D8 48 85 C0 75 ?? FF 15 ?? ?? ?? ?? + 33 D2 48 8D 4C 24 ?? 8B D8 44 8D 42 ?? E8 ?? ?? ?? ?? 44 8B C3 48 8D 15 ?? ?? ?? ?? + 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 48 8D 4C 24 ?? 48 83 C8 ?? 48 FF C0 80 3C 01 ?? 75 ?? + 4C 8B C8 4C 8D 44 24 ?? BA ?? ?? ?? ?? E9 ?? ?? ?? ?? 33 C0 C6 44 24 ?? ?? 33 D2 48 + 89 44 24 ?? 41 B8 ?? ?? ?? ?? 48 89 44 24 ?? 48 8D 4D ?? 66 89 44 24 ?? 88 44 24 ?? + E8 ?? ?? ?? ?? 33 D2 48 8B CB 44 8D 42 ?? E8 ?? ?? ?? ?? 48 8B 4F ?? E8 ?? ?? ?? ?? + 44 8B C0 48 8D 15 ?? ?? ?? ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 48 8B 4F ?? 45 33 C0 41 + 8B D6 E8 ?? ?? ?? ?? 48 8D 4C 24 ?? 48 83 C8 ?? 48 FF C0 80 3C 01 ?? 75 ?? 89 44 24 + ?? 45 33 C9 48 8D 44 24 ?? 4C 8B C6 48 89 44 24 ?? 45 8D 71 ?? 41 8B D6 E8 ?? ?? ?? + ?? EB ?? 4C 8B 4F ?? 48 8D 4D ?? BA ?? ?? ?? ?? 41 B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? B9 + ?? ?? ?? ?? 48 8B D8 FF 15 ?? ?? ?? ?? 83 64 24 ?? ?? 4C 8D 45 ?? 
48 83 64 24 ?? ?? + 44 8B CB 41 8B D6 E8 ?? ?? ?? ?? 84 C0 74 ?? 48 8B 4F ?? E8 ?? ?? ?? ?? 85 C0 74 ?? + B9 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 41 B9 ?? ?? ?? ?? 4C 8B C6 41 8B D6 83 64 24 ?? ?? + 48 83 64 24 ?? ?? E8 ?? ?? ?? ?? 48 8B 4F ?? 48 85 C9 74 ?? E8 ?? ?? ?? ?? 48 8B 8D + ?? ?? ?? ?? 48 33 CC E8 ?? ?? ?? ?? 4C 8D 9C 24 ?? ?? ?? ?? 49 8B 5B ?? 49 8B 73 ?? + 49 8B E3 41 5E 5F 5D C3 + } + $get_logical_drive_data_p1 = { + 48 8B C4 55 57 41 54 41 56 41 57 48 8D A8 ?? ?? ?? ?? 48 81 EC ?? ?? ?? ?? 48 C7 44 + 24 ?? ?? ?? ?? ?? 48 89 58 ?? 48 89 70 ?? 48 8B 05 ?? ?? ?? ?? 48 33 C4 48 89 85 ?? + ?? ?? ?? 48 8B F9 33 D2 41 B8 ?? ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? C6 45 + ?? ?? 33 C0 48 89 45 ?? 88 45 ?? 33 D2 33 C9 FF 15 ?? ?? ?? ?? 48 63 D8 48 8B CB E8 + ?? ?? ?? ?? 48 8B F0 48 8B D0 8B CB FF 15 ?? ?? ?? ?? 45 33 E4 41 BE ?? ?? ?? ?? 45 + 8B C6 33 D2 48 8D 4D ?? E8 ?? ?? ?? ?? 45 8B C6 33 D2 48 8D 8D ?? ?? ?? ?? E8 ?? ?? + ?? ?? 8B C3 99 83 E2 ?? 03 C2 C1 F8 ?? 85 C0 0F 8E ?? ?? ?? ?? 33 DB C6 44 24 ?? ?? + 4C 8B F6 44 8B F8 8A 04 33 88 44 24 ?? 49 8B CE FF 15 ?? ?? ?? ?? 83 F8 ?? 75 ?? 80 + 7F ?? ?? 75 ?? 0F B7 44 24 ?? 66 89 47 ?? C6 47 ?? ?? C6 47 ?? ?? 48 8D 15 ?? ?? ?? + ?? EB ?? 83 F8 ?? 75 ?? 48 8D 15 ?? ?? ?? ?? EB ?? 83 F8 ?? 0F 85 ?? ?? ?? ?? 48 8D + 15 ?? ?? ?? ?? 44 0F BE 04 33 48 8D 4D ?? E8 ?? ?? ?? ?? 0F B7 45 ?? 66 89 45 ?? 8A + 45 ?? 88 45 ?? 4C 8D 4C 24 ?? 4C 8D 44 24 ?? 48 8D 54 24 ?? 48 8D 4D ?? FF 15 ?? ?? + ?? ?? 85 C0 74 ?? 4C 8B 4C 24 ?? 49 C1 E9 ?? 4C 8B 44 24 ?? 49 C1 E8 ?? 48 8D 15 ?? + ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 48 C7 44 24 ?? ?? ?? + ?? ?? 48 83 64 24 ?? ?? C6 44 24 ?? ?? 48 8D 95 ?? ?? ?? ?? 48 8D 4C 24 ?? E8 ?? ?? + ?? ?? 90 48 C7 45 ?? ?? ?? ?? ?? 48 83 65 ?? ?? C6 44 24 ?? ?? 48 8D 55 ?? 48 8D 4C + } + $get_logical_drive_data_p2 = { + 24 ?? E8 ?? ?? ?? ?? 90 48 8D 4F ?? 4C 8D 44 24 ?? 48 8D 54 24 ?? E8 ?? ?? ?? ?? 90 + 45 33 C0 B2 ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 90 45 33 C0 B2 ?? 
48 8D 4C 24 ?? E8 ?? + ?? ?? ?? 41 B8 ?? ?? ?? ?? 33 D2 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 41 B8 ?? ?? ?? + ?? 33 D2 48 8D 4D ?? E8 ?? ?? ?? ?? 49 83 C6 ?? 41 83 C4 ?? 48 83 C3 ?? 49 83 EF ?? + 0F 85 ?? ?? ?? ?? 48 8D 54 24 ?? 48 8D 4F ?? E8 ?? ?? ?? ?? 90 48 83 78 ?? ?? 72 ?? + 48 8B 00 4C 8B C0 48 8D 15 ?? ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 90 45 33 + C0 B2 ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 48 8D 85 ?? ?? ?? ?? 49 83 C9 ?? 49 FF C1 42 + 80 3C 08 ?? 75 ?? 83 64 24 ?? ?? 48 83 64 24 ?? ?? 4C 8D 85 ?? ?? ?? ?? BA ?? ?? ?? + ?? E8 ?? ?? ?? ?? 48 8D 4F ?? E8 ?? ?? ?? ?? 48 8B 8D ?? ?? ?? ?? 48 33 CC E8 ?? ?? + ?? ?? 4C 8D 9C 24 ?? ?? ?? ?? 49 8B 5B ?? 49 8B 73 ?? 49 8B E3 41 5F 41 5E 41 5C 5F + 5D C3 + } + $get_os_information_p1 = { + 48 8B C4 55 41 54 41 56 48 8D A8 ?? ?? ?? ?? 48 81 EC ?? ?? ?? ?? 48 C7 44 24 ?? ?? + ?? ?? ?? 48 89 58 ?? 48 89 70 ?? 48 89 78 ?? 48 8B 05 ?? ?? ?? ?? 48 33 C4 48 89 85 + ?? ?? ?? ?? 48 8B F1 33 D2 41 B8 ?? ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 + 8D 7E ?? 48 8B CF E8 ?? ?? ?? ?? 33 D2 41 B8 ?? ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? + ?? ?? ?? 45 33 E4 44 89 64 24 ?? 48 8D 54 24 ?? 33 C9 FF 15 ?? ?? ?? ?? 8B 4C 24 ?? + E8 ?? ?? ?? ?? 48 8B D8 44 8B 44 24 ?? 33 D2 48 8B C8 E8 ?? ?? ?? ?? 48 8D 54 24 ?? + 48 8B CB FF 15 ?? ?? ?? ?? 41 BE ?? ?? ?? ?? 45 8B C6 33 D2 48 8D 4D ?? E8 ?? ?? ?? + ?? 44 89 74 24 ?? 48 8D 54 24 ?? 48 8D 4D ?? FF 15 ?? ?? ?? ?? 4C 8D 4D ?? 4C 8B C3 + 48 8D 15 ?? ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 45 8D 74 24 ?? 4C 89 74 24 + ?? 4C 89 64 24 ?? 44 88 64 24 ?? 48 8D 95 ?? ?? ?? ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? + 90 4C 89 74 24 ?? 4C 89 64 24 ?? 44 88 64 24 ?? 48 8D 15 ?? ?? ?? ?? 48 8D 4C 24 ?? + E8 ?? ?? ?? ?? 90 4C 8D 44 24 ?? 48 8D 54 24 ?? 48 8B CF E8 ?? ?? ?? ?? 90 45 33 C0 + B2 ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 90 45 33 C0 B2 ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? + 41 8D 4C 24 ?? E8 ?? ?? ?? ?? 48 8B D8 33 C0 48 89 03 48 89 43 ?? 48 8D 0D ?? ?? ?? + ?? FF 15 ?? ?? ?? ?? 48 8B 48 ?? 
48 8B 11 8B 0A FF 15 ?? ?? ?? ?? 48 8B D0 45 8D 44 + } + $get_os_information_p2 = { + 24 ?? 48 8B CB FF 15 ?? ?? ?? ?? 4C 89 74 24 ?? 4C 89 64 24 ?? 44 88 64 24 ?? 48 8B + D3 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 90 4C 89 74 24 ?? 4C 89 64 24 ?? 44 88 64 24 ?? 48 + 8D 15 ?? ?? ?? ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 90 4C 8D 44 24 ?? 48 8D 54 24 ?? 48 + 8B CF E8 ?? ?? ?? ?? 90 45 33 C0 B2 ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 90 45 33 C0 B2 + ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 45 33 C0 48 8D 54 24 ?? 48 8B CE E8 ?? ?? ?? ?? 45 + 33 C0 B2 ?? 48 8D 4C 24 ?? E8 ?? ?? ?? ?? 48 8B CE E8 ?? ?? ?? ?? 48 8B CE E8 ?? ?? + ?? ?? 48 8D 54 24 ?? 48 8B CE E8 ?? ?? ?? ?? 45 33 C0 B2 ?? 48 8D 4C 24 ?? E8 ?? ?? + ?? ?? 48 8D 54 24 ?? 48 8B CF E8 ?? ?? ?? ?? 90 48 83 78 ?? ?? 72 ?? 48 8B 00 4C 8B + C0 48 8D 15 ?? ?? ?? ?? 48 8D 8D ?? ?? ?? ?? E8 ?? ?? ?? ?? 90 45 33 C0 B2 ?? 48 8D + 4C 24 ?? E8 ?? ?? ?? ?? 48 8D 85 ?? ?? ?? ?? 49 83 C9 ?? 49 FF C1 46 38 24 08 75 ?? + 44 89 64 24 ?? 4C 89 64 24 ?? 4C 8D 85 ?? ?? ?? ?? BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 48 + 8B 8D ?? ?? ?? ?? 48 33 CC E8 ?? ?? ?? ?? 4C 8D 9C 24 ?? ?? ?? ?? 49 8B 5B ?? 49 8B + 73 ?? 49 8B 7B ?? 49 8B E3 41 5E 41 5C 5D C3 + } + + condition: + uint16( 0 ) == 0x5A4D and ( $download_file_from_c2 ) and ( $upload_file_to_c2 ) and ( all of ( $get_logical_drive_data_p* ) ) and ( all of ( $get_os_information_p* ) ) +} rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Njrat : TC_DETECTION MALICIOUS MALWARE FILE { meta: 
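Review bot: the `meta:` block of the added `REVERSINGLABS_Win64_Backdoor_Eggstremefuel` rule gives `reference = "ReversingLabs"` and no sample hash, so an analyst triaging a hit has only `source_url` to follow and no write-up or known-bad file to verify against. The condition also requires all of `$download_file_from_c2`, `$upload_file_to_c2`, both `$get_logical_drive_data_p*` parts and both `$get_os_information_p*` parts, which makes the rule precise but easy to miss on a rebuilt variant. Consider adding a sample-based test for this rule in this repository before relying on it, so that a later bundle update that changes these patterns shows up as a test diff.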
@@ -1724,8 +2039,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Njrat : TC_DETECTION MALICIOUS MALWARE date = "2024-07-31" modified = "2024-07-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.NjRAT.yara#L1-L266" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.NjRAT.yara#L1-L266" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "eeecf90965e6952d8b9efc9d1e96eaa47709b1d69fc7d435f4aebaaf0191f317" score = 75 quality = 90 @@ -1954,8 +2269,8 @@ rule REVERSINGLABS_Linux_Backdoor_Autocolor : TC_DETECTION MALICIOUS MALWARE FIL date = "2025-04-11" modified = "2025-04-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.AutoColor.yara#L1-L177" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.AutoColor.yara#L1-L177" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "068d4d6916437197d4b3ac9c05803a35e15c00b0e70cb61ad6361981dc7cfee3" score = 75 quality = 90 
@@ -2117,8 +2432,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Orcusrat : TC_DETECTION MALICIOUS MALW date = "2024-09-10" modified = "2024-09-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.OrcusRAT.yara#L1-L134" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.OrcusRAT.yara#L1-L134" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "17a85613e9e4c862ce81fee49065c250381dbf8a50cf07d496f5fd2c1b82d92e" score = 75 quality = 90 @@ -2234,8 +2549,8 @@ rule REVERSINGLABS_Linux_Backdoor_Bpfdoor : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-10-13" modified = "2025-10-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.BPFDoor.yara#L1-L326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.BPFDoor.yara#L1-L326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9d3c5408180f5aedca77229c3ecaa499b71530b51d715cb4f35397f0874a84b8" score = 75 quality = 90 
@@ -2526,8 +2841,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Resolverrat : TC_DETECTION MALICIOUS M date = "2025-06-30" modified = "2025-06-30" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.ResolverRAT.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.ResolverRAT.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4847650c49d305ea3c3e1dd23efefe03c485cff78253a49e06ee45bb46ebf360" score = 75 quality = 90 @@ -2610,8 +2925,8 @@ rule REVERSINGLABS_Win64_Backdoor_Konni : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-07" modified = "2023-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.Konni.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.Konni.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "37c45e3ed23ca9f4de876f666c9f6d9bf7eee5cb1650b02cdd9f58e2ccc4b5cb" score = 75 quality = 90 
@@ -2799,8 +3114,8 @@ rule REVERSINGLABS_Win32_Backdoor_Minodo : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-06-07" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.Minodo.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.Minodo.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "807408699fe00c8d1170598050e533dd0d79bb170f2538b6b6227cda7410060b" score = 75 quality = 90 @@ -2895,8 +3210,8 @@ rule REVERSINGLABS_Linux_Backdoor_Krasue : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-03-04" modified = "2024-03-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.Krasue.yara#L1-L127" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.Krasue.yara#L1-L127" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e2daa35ef9e0793062c9fb3bd8e4838e1e81ee3d228d8117b1c3b0e72eb8e151" score = 75 quality = 90 
@@ -3006,8 +3321,8 @@ rule REVERSINGLABS_Win64_Backdoor_Wmrat : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-03-17" modified = "2025-03-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.wmRAT.yara#L1-L144" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.wmRAT.yara#L1-L144" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "23aadaf1571f23b3f02191e3079171c981d4969d0bd266d6db8c95fc091a1606" score = 75 quality = 90 @@ -3137,8 +3452,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Limerat : TC_DETECTION MALICIOUS MALWA date = "2024-03-04" modified = "2024-03-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.LimeRAT.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.LimeRAT.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "03eaa2ac41950f036601222b32a28c03aae3b3445501e988e2f87e231a1a1522" score = 75 quality = 90 
@@ -3217,8 +3532,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Menorah : TC_DETECTION MALICIOUS MALWA date = "2024-05-10" modified = "2024-05-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.Menorah.yara#L1-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.Menorah.yara#L1-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "770aefca192ceb3a778c0b1259105ace8e64cb35d0c34acb15c45fb6f22ad94b" score = 75 quality = 90 @@ -3376,8 +3691,8 @@ rule REVERSINGLABS_Win64_Backdoor_Backconnect : TC_DETECTION MALICIOUS MALWARE F date = "2025-04-11" modified = "2025-04-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.BackConnect.yara#L1-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.BackConnect.yara#L1-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7089d5f2dab21755e83ca81ea6cf0f8a55fa261fa2c556759812b16a3d78608a" score = 75 quality = 90 
@@ -3517,8 +3832,8 @@ rule REVERSINGLABS_Linux_Backdoor_GTPDOOR : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-09-10" modified = "2024-09-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.GTPDOOR.yara#L1-L264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.GTPDOOR.yara#L1-L264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7b4b33b7838142e34c6d02260b6585305c4730c90e12b1adc099f9aeecf071a" score = 75 quality = 90 @@ -3747,8 +4062,8 @@ rule REVERSINGLABS_Linux_Backdoor_Sshdinjector : TC_DETECTION MALICIOUS MALWARE date = "2025-03-27" modified = "2025-03-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.Sshdinjector.yara#L1-L197" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.Sshdinjector.yara#L1-L197" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9370b59a3317ac14b5791723411216315e480fad7419d248aaed42a19312da0c" score = 75 quality = 90 
@@ -3929,8 +4244,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Veaty : TC_DETECTION MALICIOUS MALWARE date = "2025-10-13" modified = "2025-10-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.Veaty.yara#L1-L84" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.Veaty.yara#L1-L84" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "77e5ffee617b5d4e4b28d99b25dd6ea2f89551a702c6a25a2db3edbf941d034d" score = 75 quality = 90 @@ -4007,8 +4322,8 @@ rule REVERSINGLABS_Win64_Backdoor_Sidetwist : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-03-18" modified = "2024-03-18" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.SideTwist.yara#L1-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.SideTwist.yara#L1-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "811fa73ede59493c71435743848a3fce3a1604ec4065ffcb0b43e9715dfa5c31" score = 75 quality = 90 
@@ -4142,8 +4457,8 @@ rule REVERSINGLABS_Win64_Backdoor_Voldemort : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-10-09" modified = "2024-10-09" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.Voldemort.yara#L1-L208" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.Voldemort.yara#L1-L208" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1fe2abe17436d2965e34d1f10223af50d9600809fdef234e7d89c74fa33228a9" score = 75 quality = 90 @@ -4331,8 +4646,8 @@ rule REVERSINGLABS_Linux_Backdoor_Noodrat : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-08-26" modified = "2024-08-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.NoodRAT.yara#L1-L162" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.NoodRAT.yara#L1-L162" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2ec4a8ba7428054edb4dcdb6a00015b9758badf515f2c210bb946ba5402674d2" score = 75 quality = 90 
@@ -4478,8 +4793,8 @@ rule REVERSINGLABS_Linux_Backdoor_Chaosrat : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-06-30" modified = "2025-06-30" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.ChaosRAT.yara#L1-L270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.ChaosRAT.yara#L1-L270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "09a11559384f3e01c8ac304d933a8279175c676fba9ec70627f44b76e90090f9" score = 75 quality = 90 @@ -4707,8 +5022,8 @@ rule REVERSINGLABS_Linux_Backdoor_Pondrat : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-09-22" modified = "2025-09-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.PondRAT.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.PondRAT.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d3a1e7fa39e35574164ebdb1c4d8b63937cb4ee135734056efc24771151c1091" score = 75 quality = 90 
@@ -4799,8 +5114,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Backdoor_Asyncrat : TC_DETECTION MALICIOUS MALW date = "2024-05-22" modified = "2024-05-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/ByteCode.MSIL.Backdoor.AsyncRAT.yara#L1-L149" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/ByteCode.MSIL.Backdoor.AsyncRAT.yara#L1-L149" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "53a13975cd53b571910f951adc44707c11b86c003eeb7b88dbe701253645ac89" score = 75 quality = 90 @@ -4923,8 +5238,8 @@ rule REVERSINGLABS_Linux_Trojan_Chinaz : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-07-31" modified = "2024-07-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Trojan.ChinaZ.yara#L1-L246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Trojan.ChinaZ.yara#L1-L246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d8d08f4f3f36ecc7b219b6b1aae3c76d26e8fb3a44444763929190c6124532ff" score = 75 quality = 90 
@@ -5133,8 +5448,8 @@ rule REVERSINGLABS_Linux_Backdoor_Linodas : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-05-22" modified = "2024-05-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Linux.Backdoor.Linodas.yara#L1-L216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Linux.Backdoor.Linodas.yara#L1-L216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "12445771106e36b74b1ea292a8a25cab66bcaf0a08cf88d39a9f1bb13c6f525b" score = 75 quality = 90 @@ -5314,8 +5629,8 @@ rule REVERSINGLABS_Win64_Backdoor_Miyarat : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-02-27" modified = "2025-02-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/backdoor/Win64.Backdoor.MiyaRAT.yara#L1-L264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/backdoor/Win64.Backdoor.MiyaRAT.yara#L1-L264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a06deed11a7bdaa17b4cb69da1bd66ff2f2072af8cf4081f7481a51e4567135d" score = 75 quality = 90 
@@ -5563,8 +5878,8 @@ rule REVERSINGLABS_Win32_Trojan_Trickbot : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.TrickBot.yara#L1-L46" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.TrickBot.yara#L1-L46" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e10f16c70f1ff7cf11d3e25f06e4c5d9e20c51688582d2b51322f768a8e06d7e" score = 75 quality = 90 @@ -5607,8 +5922,8 @@ rule REVERSINGLABS_Win32_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-11-28" modified = "2023-11-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.BiBiWiper.yara#L1-L102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.BiBiWiper.yara#L1-L102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d75954c05a8f82ad90a4adf6a2a3748928488ddebe40d8f8a790bfcde0b02a11" score = 75 quality = 90 
@@ -5705,8 +6020,8 @@ rule REVERSINGLABS_Win32_Trojan_Emotet : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-11-16" modified = "2021-11-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.Emotet.yara#L1-L182" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.Emotet.yara#L1-L182" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "747d603c9849a66782c95050a4a634ffdb4ce2882adcfc5d63e1f1ea1651b25e" score = 75 quality = 90 @@ -5851,8 +6166,8 @@ rule REVERSINGLABS_Linux_Trojan_Bibiwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-11-28" modified = "2023-11-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Linux.Trojan.BiBiWiper.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Linux.Trojan.BiBiWiper.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8f290141d5da660463dede6df571d774448e136e2993a0a4c706245464e1239e" score = 75 quality = 90 
@@ -5927,8 +6242,8 @@ rule REVERSINGLABS_Win32_Trojan_Hermeticwiper : TC_DETECTION MALICIOUS MALWARE F date = "2022-02-24" modified = "2022-02-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.HermeticWiper.yara#L1-L50" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.HermeticWiper.yara#L1-L50" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0fa519ce8285ffe4e49c2a301e8a0fd0516a05dc6b41ee0b010fdc76dd6e195e" score = 75 quality = 90 @@ -5980,8 +6295,8 @@ rule REVERSINGLABS_Win32_Trojan_Dridex : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-09-16" modified = "2020-09-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.Dridex.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.Dridex.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7eddc8f33846dfb61302b7d7fddd8dec59a1bde05b14135c14131a02e2c19600" score = 75 quality = 90 
@@ -6053,8 +6368,8 @@ rule REVERSINGLABS_Linux_Trojan_Acidrain : TC_DETECTION MALICIOUS MALWARE FILE date = "2024-05-10" modified = "2024-05-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Linux.Trojan.AcidRain.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Linux.Trojan.AcidRain.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5b47a0de8bda09d217f8a148e561f3da7ce4945f011f4a9b5dbbca88157d3080" score = 75 quality = 90 @@ -6114,8 +6429,8 @@ rule REVERSINGLABS_Win32_Trojan_Pathwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-08-26" modified = "2025-08-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.PathWiper.yara#L1-L280" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.PathWiper.yara#L1-L280" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d439cb7c369405f3938d856e1ad92b47889d0f0cad45f718a8d0c86dd7f5a461" score = 75 quality = 90 
@@ -6375,8 +6690,8 @@ rule REVERSINGLABS_Win32_Trojan_Caddywiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-03-15" modified = "2022-03-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.CaddyWiper.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.CaddyWiper.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "178ff4171c09866f6b303bdff234beff1116d268995ee4dc236332e472d645b1" score = 75 quality = 90 @@ -6462,8 +6777,8 @@ rule REVERSINGLABS_Win32_Trojan_Isaacwiper : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-03-02" modified = "2022-03-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/trojan/Win32.Trojan.IsaacWiper.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/trojan/Win32.Trojan.IsaacWiper.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c9fa43f44c33816a66f61255d101294da63df1afc5a27ed5817072040cd1eec5" score = 75 quality = 90 
@@ -6541,8 +6856,8 @@ rule REVERSINGLABS_Win32_Virus_Cmay : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.Cmay.yara#L3-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.Cmay.yara#L3-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f3bdf772eb80c632a913621732d12ae4a02bc7d3ba41f51711aa329be2ca6220" score = 75 quality = 90 @@ -6616,8 +6931,8 @@ rule REVERSINGLABS_Win32_Virus_Awfull : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.Awfull.yara#L3-L33" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.Awfull.yara#L3-L33" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "84a4faee4cbbb3387ad25bd9230c6482b8db461bc008312bc782f23e3df2eae3" score = 75 quality = 90 
@@ -6650,12 +6965,12 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "4515fe43-4c5a-521d-82b7-273823f0c64e" - date = "2025-11-02" - date = "2025-11-02" + date = "2025-11-04" + date = "2025-11-04" modified = "2023-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Linux.Virus.Vit.yara#L3-L36" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Linux.Virus.Vit.yara#L3-L36" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2fba7a081dfca85aee5c7f3b33414b799ed52ca6aa5bbf031da040aaa75acde9" score = 40 quality = 90 @@ -6692,8 +7007,8 @@ rule REVERSINGLABS_Win32_Virus_Mocket : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.Mocket.yara#L3-L58" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.Mocket.yara#L3-L58" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "af16974396efe7a1a46aa39b812482dcc49d0fe95db6640c1703db479e7ea9dc" score = 75 quality = 90 
@@ -6753,8 +7068,8 @@ rule REVERSINGLABS_Win32_Virus_Negt : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.Negt.yara#L3-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.Negt.yara#L3-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "43057ef111fc505678606386c8d428653da391f4b65844d81479ca05e3517346" score = 75 quality = 90 @@ -6845,8 +7160,8 @@ rule REVERSINGLABS_Win32_Virus_Elerad : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.Elerad.yara#L3-L33" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.Elerad.yara#L3-L33" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "930594bf99daf55ef02542ce7b393c1c23ead75946b3da3b555102a2e7142e33" score = 75 quality = 90 
@@ -6882,8 +7197,8 @@ rule REVERSINGLABS_Win32_Virus_Deadcode : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.DeadCode.yara#L3-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.DeadCode.yara#L3-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6ac2e48daaed222f0a19afd4d03a02834705e0e3762db3217f68569554171846" score = 75 quality = 90 @@ -6954,8 +7269,8 @@ rule REVERSINGLABS_Win32_Virus_Greenp : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/virus/Win32.Virus.Greenp.yara#L3-L46" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/virus/Win32.Virus.Greenp.yara#L3-L46" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ca6df34ee2ad9d93e35b0d1a2d4765f681f3981ffe2786bbc822c3090212fd02" score = 75 quality = 90 
@@ -7003,8 +7318,8 @@ rule REVERSINGLABS_Win32_Downloader_Dlmarlboro : TC_DETECTION MALICIOUS MALWARE date = "2020-07-23" modified = "2020-07-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/downloader/Win32.Downloader.dlMarlboro.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/downloader/Win32.Downloader.dlMarlboro.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "465a3b3a9686889001ac0b929d0349e44b6015eaeed3386361366def5013164a" score = 75 quality = 90 @@ -7085,8 +7400,8 @@ rule REVERSINGLABS_Linux_Rootkit_Pumakit : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-08-26" modified = "2025-08-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/rootkit/Linux.Rootkit.Pumakit.yara#L1-L161" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/rootkit/Linux.Rootkit.Pumakit.yara#L1-L161" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "437ed7db3f71106b3e30f11ccbd43e66b7b79fc92dc5372d9497a4d2c328b55c" score = 75 quality = 90 
@@ -7236,8 +7551,8 @@ rule REVERSINGLABS_Win32_PUA_Domaiq : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-28" modified = "2020-07-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/pua/Win32.PUA.Domaiq.yara#L1-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/pua/Win32.PUA.Domaiq.yara#L1-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e291a639aa027a2257eec2853e40a222afabf23b32898326a1d5b48be823202c" score = 75 quality = 90 @@ -7381,8 +7696,8 @@ rule REVERSINGLABS_Cert_Blocklist_05E2E6A4Cd09Ea54D665B075Fe22A256 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L27-L43" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L27-L43" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "43da21d9c7ae9bfcc7fe4ee69f9d46cbce1954785d56c1d424b36deb8afe592e" score = 75 quality = 90 
@@ -7405,8 +7720,8 @@ rule REVERSINGLABS_Cert_Blocklist_77019A082385E4B73F569569C9F87Bb8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L45-L61" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L45-L61" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8613986005bdd30d92e633fa2058be5c43f1c530b9dc6d80ec953f12f6d66ce7" score = 75 quality = 90 @@ -7429,8 +7744,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F2Ef29Ca5F96E5777B82C62F34Fd3A6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L63-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L63-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e8f27c4a72f416a16acabb1de606fdde7dc694256809fdb952a25313dda0d34e" score = 75 quality = 90 
@@ -7453,8 +7768,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Cc1Db2Ad0A290A4Bfe7A5F336D6800C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L81-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L81-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c9f91edb525a02041bc20dff25ec58323f8fabd4d2a2eca63238ecb10ccef2a6" score = 75 quality = 90 @@ -7477,8 +7792,8 @@ rule REVERSINGLABS_Cert_Blocklist_13C8351Aece71C731158980F575F4133 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L99-L115" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L99-L115" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f96723845adc8030b72c119311103d5c2cf136e79de226d31141d8b925ce8e75" score = 75 quality = 90 
@@ -7501,8 +7816,8 @@ rule REVERSINGLABS_Cert_Blocklist_4531954F6265304055F66Ce4F624F95B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L117-L133" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L117-L133" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58d3a2a5e3f6730f329bddb171ad6332794fa95848825b892c3b8324f503ae89" score = 75 quality = 90 @@ -7525,8 +7840,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E808F231515Bc519Eea1A73Cdf3266F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L135-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L135-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "05e466e304ed7a8f5c1c93aac4a4b7019d6fb1e07aeb45d078b657f838d1f3bd" score = 75 quality = 90 
@@ -7549,8 +7864,8 @@ rule REVERSINGLABS_Cert_Blocklist_36Be4Ad457F062Fa77D87595B8Ccc8Cf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L153-L169" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L153-L169" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d19a6f22a1e702a4da69c867195722adf8f1dd84539f2c584af428fe4b1caf79" score = 75 quality = 90 @@ -7573,8 +7888,8 @@ rule REVERSINGLABS_Cert_Blocklist_75A38507Bf403B152125B8F5Ce1B97Ad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L171-L187" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L171-L187" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "af21cee3ee92268c3aa0106a245e5a00c5ba892fca3e4fd2dc55e302ed5d470a" score = 75 quality = 90 
@@ -7597,8 +7912,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Effa8B216E24B16202940C1Bc2Fa8A5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L189-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L189-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b5282fc85bbbee50c5307fff923e9e477fed8c011288e2ebd61c4b3ee801bc62" score = 75 quality = 90 @@ -7621,8 +7936,8 @@ rule REVERSINGLABS_Cert_Blocklist_57D7153A89Bbf4729Be87F3C927043Aa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L207-L223" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L207-L223" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a8de7951bd25c8a9346ef341d8bf9c9147f9fa6913e952be40fb43d3d7a370c1" score = 75 quality = 90 
@@ -7645,8 +7960,8 @@ rule REVERSINGLABS_Cert_Blocklist_028E1Deccf93D38Ecf396118Dfe908B4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L225-L241" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L225-L241" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b07c797652ef19c7e0b23c3eddbbbf2700160d743d71a0005b950160474638d8" score = 75 quality = 90 @@ -7669,8 +7984,8 @@ rule REVERSINGLABS_Cert_Blocklist_40575Df73Eaa1B6140C7Ef62C08Bf216 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L243-L259" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L243-L259" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7da8e98f38413e5cbb18e3c7771c530afb766dd9fbeb8fdd2264617aff24f920" score = 75 quality = 90 
@@ -7693,8 +8008,8 @@ rule REVERSINGLABS_Cert_Blocklist_049Ce8C47F1F0E650Cb086F0Cfa7Ca53 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L261-L277" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L261-L277" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9ae4a236e1252afc1db6fae4e388a53ebde7e724cc07c213d4bfc176cf0a0096" score = 75 quality = 90 @@ -7717,8 +8032,8 @@ rule REVERSINGLABS_Cert_Blocklist_29F42680E653Cf8Fafd0E935553F7E86 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L279-L295" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L279-L295" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6c726e4c2933a6472d256a18ea5265660ff035d05036ab9cae3409ab5a7c7598" score = 75 quality = 90 
@@ -7741,8 +8056,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C15 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L297-L313" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L297-L313" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1ee88813270dddeeedd90edbce9be2ce74303a6799ee64b0e9bfaea7377d3b2d" score = 75 quality = 90 @@ -7765,8 +8080,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L315-L331" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L315-L331" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0f8fda07dc362b7e04892446f1abe1e5f5717ee715824a2c1f6550096c366701" score = 75 quality = 90 
@@ -7789,8 +8104,8 @@ rule REVERSINGLABS_Cert_Blocklist_06A164Ec5978497741Ee6Cec9966871B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L333-L349" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L333-L349" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8a27015d94a3bd8543a8ca9202831ffc9c9e65f61bf26ed6825c3e746b6af0d4" score = 75 quality = 90 @@ -7813,8 +8128,8 @@ rule REVERSINGLABS_Cert_Blocklist_1121Ed568764E75Be35574448Feadefcd3Bc : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L351-L367" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L351-L367" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3316a2536920c5aa9dd627cec7678e6fe33c722b4830dd740009c20dd013c9ab" score = 75 quality = 90 
@@ -7837,8 +8152,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ed2450Ceac0F72E73Fda1727E66E654 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L369-L385" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L369-L385" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0e5af7795c825367d441c8abc2aa835fa83083eb8ee1f723c7d2dacff1ca88ff" score = 75 quality = 90 @@ -7861,8 +8176,8 @@ rule REVERSINGLABS_Cert_Blocklist_32665079C5A5854A6833623Ca77Ff5Ac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L387-L403" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L387-L403" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6b734ca733c5fbadcb490ffd4c19c951e0fc17dd9b660eca948b126038c42cdb" score = 75 quality = 90 
@@ -7885,8 +8200,8 @@ rule REVERSINGLABS_Cert_Blocklist_01A90094C83412C00Cf98Dd2Eb0D7042 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L405-L421" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L405-L421" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5a3de0e6de5cda39e40988f9e2324cbee3e059aff5ceaf7fd819de8bf7215808" score = 75 quality = 90 @@ -7909,8 +8224,8 @@ rule REVERSINGLABS_Cert_Blocklist_55Efe24B9674855Baf16E67716479C71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L423-L439" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L423-L439" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2cf7a76ae3c3a698564013ff545c74d0319face5aa19416c93bf10f45f84f8c9" score = 75 quality = 90 
@@ -7933,8 +8248,8 @@ rule REVERSINGLABS_Cert_Blocklist_094Bf19D509D3074913995160B195B6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L441-L457" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L441-L457" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c1ed012716f36876d9375838befb9821b87cafc6aca57a0f18392f80f5ba325" score = 75 quality = 90 @@ -7957,8 +8272,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A77Cf3Ba49B64E6Cbe5Fb4A6A6Aacc6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L459-L475" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L459-L475" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3bebc4a36b57526505167d8f075d468e4775d66c81ce08644c506d9be94efba0" score = 75 quality = 90 
@@ -7981,8 +8296,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F4C22Da1107D20C1Eda04569D58E573 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L477-L493" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L477-L493" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fe19c4b21c3b70ec571461ca6d9c370a971c01f2d68e3c3916aa1fa0f13b20f8" score = 75 quality = 90 @@ -8005,8 +8320,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fe68D48634893D18De040D8F1C289D2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L495-L511" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L495-L511" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "41feebc8800a084ac369b5c5721b1362d371bd503b67823986bad2839157a4b0" score = 75 quality = 90 
@@ -8029,8 +8344,8 @@ rule REVERSINGLABS_Cert_Blocklist_6767Def972D6Ea702D8C8A53Af1832D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L513-L529" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L513-L529" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa7f997449b4b8dcf488cfb7f45ee98ca540d39fb861f5b01ff4bb4aa1875b72" score = 75 quality = 90 @@ -8053,8 +8368,8 @@ rule REVERSINGLABS_Cert_Blocklist_06477E3425F1448995Ced539789E6842 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L531-L547" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L531-L547" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c0bc7808bb6bcc8273a887203c1b47d1a49fcb7719863e6bc97b5c7404a254f7" score = 75 quality = 90 
@@ -8077,8 +8392,8 @@ rule REVERSINGLABS_Cert_Blocklist_0450A7C1C36951Da09C8Ad0E7F716Ff2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L549-L565" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L549-L565" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cb594607ceef1b8d79145ad3905fb2c38d2ed3f3e6c8a0a793fc2dc9d0a21855" score = 75 quality = 90 @@ -8101,8 +8416,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F9Fbdab9B39645Cf3211F87Abb5Ddb7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L567-L583" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L567-L583" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ba5885c7769b5ead261815880033b0df50dc4f7684fdb37398ab01bfebda0e37" score = 75 quality = 90 
@@ -8125,8 +8440,8 @@ rule REVERSINGLABS_Cert_Blocklist_4211D2E4F0E87127319302C55B85Bcf2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L585-L601" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L585-L601" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "edf9bbface7fe943dfa4f5a6e8469802ccdbd3de9d3e6b8fabebb024c21bb9a9" score = 75 quality = 90 @@ -8149,8 +8464,8 @@ rule REVERSINGLABS_Cert_Blocklist_07B44Cdbfffb78De05F4261672A67312 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L603-L619" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L603-L619" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c88a8543782fc49d8aa68f3fc8052bd3316d10118dfb2ef2eef5006de657b6f1" score = 75 quality = 90 
@@ -8173,8 +8488,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F8B9A1Ba5E60C754Dbb40Ddee7905E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L621-L637" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L621-L637" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2a0d07d47cd41db5dc170a29607b6c1f2e3b7c0785f83b211f68f9cb9368e350" score = 75 quality = 90 @@ -8197,8 +8512,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A389B95Ee736Dd13Bc0Ed743Fd74D2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L639-L655" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L639-L655" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8b83e4aa47cea7cadf4b4a9f4e044478a62f4233e082fb52f9ed906d80a552aa" score = 75 quality = 90 
@@ -8221,8 +8536,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A3Faaeb3A8B93B2394Fec36345996E6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L657-L673" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L657-L673" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a3bd9aaba8dbdb340b5d3013684584524eb08b11339985ba6ca0291b8c8bc692" score = 75 quality = 90 @@ -8245,8 +8560,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A35Acce5B0C77206B1C3Dc2A6A2417C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L675-L691" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L675-L691" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ce161fdd511e0efa042516ead09c6ab5f8dcf54f2087cdccbfed8e7cdfbd25b2" score = 75 quality = 90 
@@ -8269,8 +8584,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Eb40Ea11Eaac847B050De9B59E25Bdc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L693-L709" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L693-L709" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d0e7ab78fb42c9a8f19cba8e6a8b15d584651a23f1088e1f311589d46145e963" score = 75 quality = 90 @@ -8293,8 +8608,8 @@ rule REVERSINGLABS_Cert_Blocklist_6724340Ddbc7252F7Fb714B812A5C04D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L711-L727" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L711-L727" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bc72c2ca5f81198684233e23260831da5b9ef4e7ac5a25abbdb303eecc38bd53" score = 75 quality = 90 
@@ -8317,8 +8632,8 @@ rule REVERSINGLABS_Cert_Blocklist_0813Ee9B7B9D7C46001D6Bc8784Df1Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L729-L745" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L729-L745" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1a25a2f25fa8d5075113cbafb73e80e741268d6b2f9e629fd54ffca9e82409b0" score = 75 quality = 90 @@ -8341,8 +8656,8 @@ rule REVERSINGLABS_Cert_Blocklist_530591C61B5E1212F659138B7Cea0A97 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L747-L763" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L747-L763" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ef01e542d145475713bbd373bdcdae5f25bfd823a60e7d40fe9a6b6039c83e0" score = 75 quality = 90 
@@ -8365,8 +8680,8 @@ rule REVERSINGLABS_Cert_Blocklist_07270Ff9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L765-L781" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L765-L781" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8f0da7c330464184fa1d5bf8d51dd8ad2e8637710a36972dcab03629cb57e910" score = 75 quality = 90 @@ -8389,8 +8704,8 @@ rule REVERSINGLABS_Cert_Blocklist_0727100D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L783-L799" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L783-L799" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a09f4004ed002b90d67a3baddde74832e6c7b70e8b330347ef169460750aa344" score = 75 quality = 90 
@@ -8413,8 +8728,8 @@ rule REVERSINGLABS_Cert_Blocklist_07271003 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L801-L817" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L801-L817" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "14c201b4fdda5b3553732a173a3d6705129c54f2a50d26997d63a77be8504285" score = 75 quality = 90 @@ -8437,8 +8752,8 @@ rule REVERSINGLABS_Cert_Blocklist_013134Bf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L819-L835" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L819-L835" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1ade100c310c22bce25bcc6687855bd4eb6364b64cf31514b2548509a16e4a36" score = 75 quality = 90 
@@ -8461,8 +8776,8 @@ rule REVERSINGLABS_Cert_Blocklist_01314476 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L837-L853" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L837-L853" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6f2f3f3ae009fbb9ebe589fc6b640be89c4a7b734eda515f182c7e9c9ffb4779" score = 75 quality = 90 @@ -8485,8 +8800,8 @@ rule REVERSINGLABS_Cert_Blocklist_013169B0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L855-L871" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L855-L871" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "354421ebad7fd0b73c9ba63630c91d481901ca9ec39be3c6b66843221e4b5aad" score = 75 quality = 90 
@@ -8509,8 +8824,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C76Da9C910C4E2C9Efe15D058933C4C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L873-L889" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L873-L889" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "883e93bff42161ba68f69fb17f7e78377d7f3cb6b6cdf72cffb4166466f8bc7b" score = 75 quality = 90 @@ -8533,8 +8848,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C2Caf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L891-L907" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L891-L907" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2490dbd74a5d3eede494d284f96af835c270d2fb0752b887aadbaf92bf34e6d4" score = 75 quality = 90 
@@ -8557,8 +8872,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C3Cc9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L909-L925" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L909-L925" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7327b7cbeb616bc46c82975aed6b3ea1caafa74fd431e2d98ca55b00851e22c8" score = 75 quality = 90 @@ -8581,8 +8896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A82Bd1E144E8814D75B1A5527Bebf3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L927-L943" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L927-L943" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2534e58ce1e5adbb10dbacb664d40cc32faec341bdb93b926cc85b666cc7b77e" score = 75 quality = 90 
@@ -8605,8 +8920,8 @@ rule REVERSINGLABS_Cert_Blocklist_469C2Cb0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L945-L961" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L945-L961" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "67ff84475cbe231f97daa3ce623689e7936db8e56be562778f8a4c1ebf7bf316" score = 75 quality = 90 @@ -8629,8 +8944,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C0E636A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L963-L979" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L963-L979" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "20169cf9ce3f271a22d1376bcf0ff0914f43937738c9ed61fd8e40179405136b" score = 75 quality = 90 
@@ -8653,8 +8968,8 @@ rule REVERSINGLABS_Cert_Blocklist_072714A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L981-L997" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L981-L997" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8bea4cfb60056446043ef90a7d01ecc52d82d9e7005a145a4daa61a522ecd2ae" score = 75 quality = 90 @@ -8677,8 +8992,8 @@ rule REVERSINGLABS_Cert_Blocklist_00D8F35F4Eb7872B2Dab0692E315382Fb0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L999-L1017" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L999-L1017" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "463757c59c32859163ea80e694e1f39239c857124aad3895f22f83b47645910c" score = 75 quality = 90 
@@ -8701,8 +9016,8 @@ rule REVERSINGLABS_Cert_Blocklist_750E40Ff97F047Edf556C7084Eb1Abfd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1019-L1035" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1019-L1035" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "21c2468905514e1725a206814b0c61c576cf7f97f184bac857bca9283f49a957" score = 75 quality = 90 @@ -8725,8 +9040,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B5190F73724399C9254Cd424637996A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1037-L1053" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1037-L1053" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "08f287ccda93e03a7e796d5625ab35ef0de782d07e5db4e2264f612fc5ebaa21" score = 75 quality = 90 
@@ -8749,8 +9064,8 @@ rule REVERSINGLABS_Cert_Blocklist_00Ebaa11D62E2481081820 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1055-L1072" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1055-L1072" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2fafc6775ec88b5a1000afbc7234fbef6b03e9eaf866dae660dd2d749996cb5c" score = 75 quality = 90 @@ -8773,8 +9088,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Aab11Dee52F1B19D056 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1074-L1089" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1074-L1089" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1f1215143dc828596e6d7eeff99983755b17eaeb3ab9d7643abdbb48e9957c78" score = 75 quality = 90 
@@ -8797,8 +9112,8 @@ rule REVERSINGLABS_Cert_Blocklist_6102B01900000000002F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1091-L1106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1091-L1106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6c42daa8b8730541bb422ac860ec4b0830e00fdb732e4bb503054dbcae1ff6d4" score = 75 quality = 90 @@ -8821,8 +9136,8 @@ rule REVERSINGLABS_Cert_Blocklist_01E2B4F759811C64379Fca0Be76D2Dce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1108-L1124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1108-L1124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0dff7a9f2e152c20427ea231449b942a040e964cb7dad90271d2865290535326" score = 75 quality = 90 
@@ -8845,8 +9160,8 @@ rule REVERSINGLABS_Cert_Blocklist_03E5A010B05C9287F823C2585F547B80 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1126-L1142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1126-L1142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1d57b640ee313ad4d53dc64ce4df3e4ed57976e7750cfd80d62bf9982d964d26" score = 75 quality = 90 @@ -8869,8 +9184,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fe7Df6C4B9A33B83D04E23E98A77Cce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1144-L1160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1144-L1160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "da5ed07def8d0c04ea58aacd90f9fa5588f868f6d0057b9148587f2f0b381f25" score = 75 quality = 90 
@@ -8893,8 +9208,8 @@ rule REVERSINGLABS_Cert_Blocklist_065569A3E261409128A40Affa90D6D10 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1162-L1178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1162-L1178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f8d68758704e41325e95ec69334aaf7fabe08a6d5557e0a81bac2f02d3ab5977" score = 75 quality = 90 @@ -8917,8 +9232,8 @@ rule REVERSINGLABS_Cert_Blocklist_0979616733E062C544Df0Abd315E3B92 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1180-L1196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1180-L1196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "034b233d6b6dd82ad9fa1ec99db1effa3daaa5bb478d448133c479ac728117ad" score = 75 quality = 90 
@@ -8941,8 +9256,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D3250B27E0547C77307030491B42802 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1198-L1214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1198-L1214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "65f036921dfb9cbce3275aefb7111711e50874440096b2e3c3b55190cfc14ddb" score = 75 quality = 90 @@ -8965,8 +9280,8 @@ rule REVERSINGLABS_Cert_Blocklist_00D1836Bd37C331A67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1216-L1234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1216-L1234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8af1d10085c5be8924eb6e4ea3a9b8e936c7706d8ec43d42f24a9a293c7f9d27" score = 75 quality = 90 
@@ -8989,8 +9304,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Ca028D1A4De0Eb743135Edecf74D7Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1236-L1252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1236-L1252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "60b6351194e23153d425eaa0c25f840080a29abb5eb1bbcd41bb76a3d4130edd" score = 75 quality = 90 @@ -9013,8 +9328,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dbb14Dcf973Eada14Ece7Ea79C895C11 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1254-L1270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1254-L1270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c73c83f5cb6d840b887e1aa41e96a29529f975434ac27a5aa57f2e14b342f63d" score = 75 quality = 90 
@@ -9037,8 +9352,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8C2239De3977B8D4A3Dcbedc9031A51 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1272-L1288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1272-L1288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa4f39790bc58b0a50e05e7670abad654d7f3d73e500bd5f054fece4a979ebfa" score = 75 quality = 90 @@ -9061,8 +9376,8 @@ rule REVERSINGLABS_Cert_Blocklist_Caad8222705D3Fb3430E114A31C8C6A4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1290-L1306" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1290-L1306" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "35c4f46322da4f5b9f938c1098c8e57effc8abfc03db865190c343df7b8990ea" score = 75 quality = 90 
@@ -9085,8 +9400,8 @@ rule REVERSINGLABS_Cert_Blocklist_B191812516E6618D49E6Ccf5E63Dc343 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1308-L1324" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1308-L1324" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "40c03e683b4b8e8a23ca84da7dfd3bd998d3708b27b7df7a22f25fb364c3a69b" score = 75 quality = 90 @@ -9109,8 +9424,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Ba7Fb8Ee1Deff8F4A1525E1E0580057 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1326-L1342" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1326-L1342" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "324157b9fec2653cb8874c7a1a5b6e39b121992cd52856b8c4a2a8b7cee86a69" score = 75 quality = 90 
@@ -9133,8 +9448,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Df9F7Eb6Cdc5Ca243B33122E3941E25 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1344-L1360" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1344-L1360" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "703eccd5573fe42f03ec82887660d50e942156d840394746c90ba87d82507803" score = 75 quality = 90 @@ -9157,8 +9472,8 @@ rule REVERSINGLABS_Cert_Blocklist_58A541D50F9E2Fab4380C6A2Ed433B82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1362-L1378" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1362-L1378" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "69ddc58b6fec159d6eded8c78237a6a0626b1aedb58b0c9867b758fd09db46ad" score = 75 quality = 90 
@@ -9181,8 +9496,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F273626859Ae4Bc4Becbbeb71E2Ab2D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1380-L1396" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1380-L1396" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c8be504f075041508f299b1df03d9cb9e58d9a89f49b7a926676033d18b108ba" score = 75 quality = 90 @@ -9205,8 +9520,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Ad46Ce4Db160B348C24F66C9663178 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1398-L1414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1398-L1414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "59ce2b7a2e881853d07446b3dda74b296f2be09651364d0e131552cf76dab751" score = 75 quality = 90 
@@ -9229,8 +9544,8 @@ rule REVERSINGLABS_Cert_Blocklist_256541E204619033F8B09F9Eb7C88Ef8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1416-L1432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1416-L1432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e33cedf1dd24ac73f77461de0cef25cad57909be2a69469fec450ead7da85c65" score = 75 quality = 90 @@ -9253,8 +9568,8 @@ rule REVERSINGLABS_Cert_Blocklist_00E8Cc18Cf100B6B27443Ef26319398734 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1434-L1452" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1434-L1452" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "68e9df056109cae41d981090c7a98ddc192a445647d7475569ddbe4118e570c5" score = 75 quality = 90 
@@ -9277,8 +9592,8 @@ rule REVERSINGLABS_Cert_Blocklist_62Af28A7657Ba8Ab10Fa8E2D47250C69 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1454-L1470" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1454-L1470" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c3c034cb4e2c65e2269fbfd9c045eb294badde60389ae62ed694ea4d61c5eb35" score = 75 quality = 90 @@ -9301,8 +9616,8 @@ rule REVERSINGLABS_Cert_Blocklist_04C8Eca7243208A110Dea926C7Ad89Ce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1472-L1488" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1472-L1488" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0012436e83704397026a8b2e500e5d61915e0f4c8ad4100176e200a975562e8f" score = 75 quality = 90 
@@ -9325,8 +9640,8 @@ rule REVERSINGLABS_Cert_Blocklist_157C3A4A6Bcf35Cf8453E6B6C0072E1D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1490-L1506" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1490-L1506" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2a68051ab6d0b967f08e44d91b9f13d75587ea0f16e2a5536ccf5898445e1a58" score = 75 quality = 90 @@ -9349,8 +9664,8 @@ rule REVERSINGLABS_Cert_Blocklist_04422F12037Bc2032521Dbb6Ae02Ea0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1508-L1524" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1508-L1524" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "381d749d24121d6634656fd33adcda5c3e500ee77a6333f525f351a2ee589e2c" score = 75 quality = 90 
@@ -9373,8 +9688,8 @@ rule REVERSINGLABS_Cert_Blocklist_65Eae6C98111Dc40Bf4F962Bf27227F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1526-L1542" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1526-L1542" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "20c0f4e9783586e68ff363fe6a72398f6ea27aef5d25f98872d1203ce1a0c9bd" score = 75 quality = 90 @@ -9397,8 +9712,8 @@ rule REVERSINGLABS_Cert_Blocklist_12D5A4B29Fe6156D4195Fba55Ae0D9A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1544-L1560" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1544-L1560" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "860550745f6dbcd7dd0925d9b8f04e8e08e8b7c06343a4c070e131a815c42e12" score = 75 quality = 90 
@@ -9421,8 +9736,8 @@ rule REVERSINGLABS_Cert_Blocklist_0087D60D1E2B9374Eb7A735Dce4Bbdae56 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1562-L1580" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1562-L1580" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d6e0d22e926a237f1cc6b71c6f8ce01e497723032c9efba1e6af7327a786b608" score = 75 quality = 90 @@ -9445,8 +9760,8 @@ rule REVERSINGLABS_Cert_Blocklist_0860C8A7Ed18C3F030A32722Fd2B220C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1582-L1598" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1582-L1598" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c777fb157a6669bfdf3143e77f69265e09458a2b42b75b72680eb043da71e85" score = 75 quality = 90 
@@ -9469,8 +9784,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Fdadd0740572270203F8138692C4A83 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1600-L1616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1600-L1616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "18ce7ed721a454c5bb3cd6ab26df703b1e08b94b8c518055feffa38ad42afa50" score = 75 quality = 90 @@ -9493,8 +9808,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fc13D6220C629043A26F81B1Cad72D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1618-L1634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1618-L1634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5572c278f6c9be62b2bba09ea610fd170438c6893ee5283ff4a5b3bb2852b07b" score = 75 quality = 90 
@@ -9517,8 +9832,8 @@ rule REVERSINGLABS_Cert_Blocklist_3457A918C6D3701B2Eaca6A92474A7Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1636-L1652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1636-L1652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "70d4bece52a86bfe8958f6d4195b833cea609596e3b68bb90087c262501bd462" score = 75 quality = 90 @@ -9541,8 +9856,8 @@ rule REVERSINGLABS_Cert_Blocklist_621Ed8265B0Ad872D9F4B4Ed6D560513 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1654-L1670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1654-L1670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c133d6eea5d27e597d0a656c7c930a5ca84adb46aa2fec66381b6b5c759e22aa" score = 75 quality = 90 
@@ -9565,8 +9880,8 @@ rule REVERSINGLABS_Cert_Blocklist_56E22B992B4C7F1Afeac1D63B492Bf54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1672-L1688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1672-L1688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ef058c0ec352260fa3db0fc74331d1da3c9eb8d161cef7635632fd7c569198c6" score = 75 quality = 90 @@ -9589,8 +9904,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bc3Bae4118D46F3Fdd9Beeeab749Fee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1690-L1706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1690-L1706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fcbda27f8bf4dca8aa32103bb344380c82f0c701c25766df94c182ef94805a12" score = 75 quality = 90 
@@ -9613,8 +9928,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F0449F7691E5B4C8E74E71Cae822179 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1708-L1724" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1708-L1724" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f8d3593b357f27240a4399e877ae9044f783bb944ad47ec9fe8bbecc63be864c" score = 75 quality = 90 @@ -9637,8 +9952,8 @@ rule REVERSINGLABS_Cert_Blocklist_43Db4448D870D7Bdc275F36A01Fba36F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1726-L1742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1726-L1742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "951e35e2c3f1bd90a33f8b76b6ede5686ee9b9c97a4c71df5b9dff15956209c5" score = 75 quality = 90 
@@ -9661,8 +9976,8 @@ rule REVERSINGLABS_Cert_Blocklist_2880A7F7Ff2D334Aa08744A8754Fab2C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1744-L1760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1744-L1760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "03c7e1251c44e8824ae3b648a95cf34f4c56db65d76806306a062a343981d87f" score = 75 quality = 90 @@ -9685,8 +10000,8 @@ rule REVERSINGLABS_Cert_Blocklist_0492F5C18E26Fa0Cd7E15067674Aff1C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1762-L1778" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1762-L1778" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d47d59d7680000d6c35181be2d9b034c2ecb7ca754a39c8e11750ddd7246b47c" score = 75 quality = 90 
@@ -9709,8 +10024,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Aa668Cd6A9De1Fdd476Ea8225326937 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1780-L1796" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1780-L1796" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "706e16995af40a6c9176dcbca07fb406f2efe4d47dbd9629d1a6b1ab1d09b045" score = 75 quality = 90 @@ -9733,8 +10048,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb06Dccb482255728671Ea12Ac41620 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1798-L1814" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1798-L1814" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e0867ffe2ddd28282fe78b27b3b12ebac525b33a27dd242bc6f55bcd2e066a18" score = 75 quality = 90 
@@ -9757,8 +10072,8 @@ rule REVERSINGLABS_Cert_Blocklist_370C2467C41D6019Bbecd72E00C5D73D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1816-L1832" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1816-L1832" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b99522b75ee83d85b30146cb292b5a8a46dc300fb43dd9d39d9ca96c9d32d9b" score = 75 quality = 90 @@ -9781,8 +10096,8 @@ rule REVERSINGLABS_Cert_Blocklist_5067339614C5Cc219C489D40420F3Bf9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1834-L1850" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1834-L1850" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1716087285a093a3467583f79d7ae9bee641997227e6d4f95047905aedcc97c6" score = 75 quality = 90 
@@ -9805,8 +10120,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E32531Ae83992F0573120A5E78De271 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1852-L1868" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1852-L1868" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b6d54ea8395c3666906b2e60c30b970c2c1b6f55ded874cbcc22dc79391fb34" score = 75 quality = 90 @@ -9829,8 +10144,8 @@ rule REVERSINGLABS_Cert_Blocklist_6967A89Bcf6Efef160Aaeebbff376C0A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1870-L1886" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1870-L1886" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "deb7465e453aa5838f81e15e270abc958a65e1a6051a88a5910244edbe874451" score = 75 quality = 90 
@@ -9853,8 +10168,8 @@ rule REVERSINGLABS_Cert_Blocklist_7473D95405D2B0B3A8F28785Ce6E74Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1888-L1904" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1888-L1904" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e15b990b13617017ca2d1f8caf03d8ff3785ca9b860bf11f81af5dadf17a9be5" score = 75 quality = 90 @@ -9877,8 +10192,8 @@ rule REVERSINGLABS_Cert_Blocklist_04F380F97579F1702A85E0169Bbdfd78 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1906-L1922" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1906-L1922" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "73dc6e36fdaf5c80b33f20f2a9157805ce1d0218f3898104de16522ee9cfd51b" score = 75 quality = 90 
@@ -9901,8 +10216,8 @@ rule REVERSINGLABS_Cert_Blocklist_04D6B8Cc6Dce353Fcf3Ae8A532Be7255 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1924-L1940" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1924-L1940" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a316ad7f554428d02a850fb3bb04f349d30ecd2ccd4597e7a63461bf5e866e6f" score = 75 quality = 90 @@ -9925,8 +10240,8 @@ rule REVERSINGLABS_Cert_Blocklist_191322A00200F793 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1942-L1958" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1942-L1958" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1b816785f86189817c124636e50a0f369ec85cfd898223c4ba43758a877f1cf3" score = 75 quality = 90 
@@ -9949,8 +10264,8 @@ rule REVERSINGLABS_Cert_Blocklist_451C9D0B413E6E8Df175 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1960-L1976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1960-L1976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7c94d87f79c9add4d7bf2a63d0774449319aa56cbc631dd9b0f19ed9bb9837d4" score = 75 quality = 90 @@ -9973,8 +10288,8 @@ rule REVERSINGLABS_Cert_Blocklist_03943858218F35Adb7073A6027555621 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1978-L1994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1978-L1994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "93369d51b73591559494a48fafa5e4f7d46301ecaa379d8de70a70ac4d2d2728" score = 75 quality = 90 
@@ -9997,8 +10312,8 @@ rule REVERSINGLABS_Cert_Blocklist_09813Ee7318452C28A1F6426D1Cee12D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L1996-L2012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L1996-L2012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "89eb019192f822f9fe070403161d81e425fb8acdbc80e55fa516b5607eb8f8c7" score = 75 quality = 90 @@ -10021,8 +10336,8 @@ rule REVERSINGLABS_Cert_Blocklist_476Bf24A4B1E9F4Bc2A61B152115E1Fe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2014-L2030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2014-L2030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ec0f44d2a7a53ad5653334378b631abde1834ebfcf72efcdcce353c6b9ae17d" score = 75 quality = 90 
@@ -10045,8 +10360,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bd55818C5971B63Dc45Cf57Cbeb950B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2032-L2048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2032-L2048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5aa41a2d6a86a30559b36818602e1bdf2bfd38b799a4869c26c150052d6d788c" score = 75 quality = 90 @@ -10069,8 +10384,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C0B2E9D2Ef909D15270D4Dd7Fa5A4A5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2050-L2066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2050-L2066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9c74eb025bb413503b97ffdba6f19eadecf3789ce3a5d5419f84e32e25c9b5b1" score = 75 quality = 90 
@@ -10093,8 +10408,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E3D76Dc7E273E2F313Fc0775847A2A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2068-L2084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2068-L2084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b943057fc3e97cfccadb4b8f61289a93b659aacf2a40217fcf519d4882e70708" score = 75 quality = 90 @@ -10117,8 +10432,8 @@ rule REVERSINGLABS_Cert_Blocklist_47D5D5372Bcb1562B4C9F4C2Bdf13587 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2086-L2102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2086-L2102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fb4994647a2ed95c73625d90315c9b6deb6fb3b81b4aa6e847b0193f0a76650c" score = 75 quality = 90 
@@ -10141,8 +10456,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ac10E68F1Ce519E84Ddcd28B11Fa542 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2104-L2120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2104-L2120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dac3b6b7609ec1e82afe4f9c6c14e2d32b6f5d8d49c59d6c605f2a94d71bc107" score = 75 quality = 90 @@ -10165,8 +10480,8 @@ rule REVERSINGLABS_Cert_Blocklist_31062E483E0106B18C982F0053185C36 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2122-L2138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2122-L2138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e45fc5b4d1b9f5cd35c56aad381e26e30675a9d99747cd318f3c77ea2af0e14a" score = 75 quality = 90 
@@ -10189,8 +10504,8 @@ rule REVERSINGLABS_Cert_Blocklist_20D0Ee42Fc901E6B3A8Fefe8C1E6087A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2140-L2156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2140-L2156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2225302de1e8fe9f2ad064e19b2b1d9faf90c7cafbebff6ddd0921bf57c5f9e6" score = 75 quality = 90 @@ -10213,8 +10528,8 @@ rule REVERSINGLABS_Cert_Blocklist_127251B32B9A50Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2158-L2174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2158-L2174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8552ce9e9ab8d6b1025ab3c6e7b2485ef855236114c426475fde0b5f2e231ec9" score = 75 quality = 90 
@@ -10237,8 +10552,8 @@ rule REVERSINGLABS_Cert_Blocklist_48Cad4E6966E22D6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2176-L2192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2176-L2192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7733b8a97d9f3538db04309a2e3f9df6cb64930b0b6f7f241c3e629be2dd7804" score = 75 quality = 90 @@ -10261,8 +10576,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E15205F180442Cc6C3C0F03E1A33D9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2194-L2210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2194-L2210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1ca238b5da4ff9940425c99f55542c931ccdf0ea3b0a2acbf00ffbbb54171ae0" score = 75 quality = 90 
@@ -10285,8 +10600,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C8E3B1613F73542F7106F272094Eb23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2212-L2228" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2212-L2228" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "15c21b783409d904a0b4971dbdcbd0740083d13f3c633ee77c87df46d3aca748" score = 75 quality = 90 @@ -10309,8 +10624,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Ce2Bd0Ad3Cfde9Ea73Eec7Ca30400Da : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2230-L2246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2230-L2246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a879ecd957acd29e8a5bad6c97cd10453ab857949680b522735bd77eb561d2ee" score = 75 quality = 90 
@@ -10333,8 +10648,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fbc30Db127A536C34D7A0Fa81B48193 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2248-L2264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2248-L2264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6b109b5636aa297a6e07f9d9213f7f07a7767b58442d03dc2f34f8a9b3eaba2b" score = 75 quality = 90 @@ -10357,8 +10672,8 @@ rule REVERSINGLABS_Cert_Blocklist_08448Bd6Ee9105Ae31228Ea5Fe496F63 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2266-L2282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2266-L2282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9bc044b4fdf381274a2c31bc997dcdfd553595d92de7b33dc472353a00011711" score = 75 quality = 90 
@@ -10381,8 +10696,8 @@ rule REVERSINGLABS_Cert_Blocklist_02F17566Ef568Dc06C9A379Ea2F4Faea : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2284-L2300" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2284-L2300" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e3ec8a6de817354862880301e78a999f45f02c2fa8512bba6d27c9776f1a3417" score = 75 quality = 90 @@ -10405,8 +10720,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D824Ba1F7F730319C50D64C9A7Ed507 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2302-L2318" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2302-L2318" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "407611603974c910d9a6a0ed71ecdf54ddcc59abb0f48c60846e61d6d4191933" score = 75 quality = 90 
@@ -10429,8 +10744,8 @@ rule REVERSINGLABS_Cert_Blocklist_77A64759F12766E363D779998C71Bdc9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2320-L2336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2320-L2336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2bf3d99ddec6b76da1ca60a9285767a5b34b84455db58195fc5d8fd8a22c9f8a" score = 75 quality = 90 @@ -10453,8 +10768,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B0D17Ec1449B4B2D38Fcb0F20Fbcd3A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2338-L2354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2338-L2354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3121f2c49d0d4c396023924521f2c980045b6f07d082e49447429e9cd640e0ef" score = 75 quality = 90 
@@ -10477,8 +10792,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fe9404Dc73Cf1C2Ba1450B8398305557 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2356-L2374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2356-L2374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c0132d71de1384f6e534dd154eba88c4a51c43b7dfe984f3064ba4feffa4dd5a" score = 75 quality = 90 @@ -10501,8 +10816,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb2D523A6Bf7A066642C578De1C9Be4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2376-L2392" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2376-L2392" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5a786b9ade5a59b8a1e0bbef1eb3dcb65404dcee19d572dc60f9ec9f45e4755b" score = 75 quality = 90 
@@ -10525,8 +10840,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A6Ccabb1C62F3Be3Eb03869Fa43Dc4A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2394-L2410" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2394-L2410" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ccb603c8a5f4fb63876e78d763f80a97098c23aa10673c7b04a48026268f57d3" score = 75 quality = 90 @@ -10549,8 +10864,8 @@ rule REVERSINGLABS_Cert_Blocklist_864196F01971Dbec7002B48642A7013A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2412-L2430" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2412-L2430" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a3173bb08e673caaa64ab22854840a135e891044b165bbc67733c951ec6aa991" score = 75 quality = 90 
@@ -10573,8 +10888,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fda1E121B61Adeca936A6Aebe079303 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2432-L2448" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2432-L2448" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "70a04c83e79c98024bacf1688bb46d80c9b8491e25dd32d6d92bf3cf61c62e48" score = 75 quality = 90 @@ -10597,8 +10912,8 @@ rule REVERSINGLABS_Cert_Blocklist_03866Deb183Abfbf4Ff458D4De7Bd73A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2450-L2466" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2450-L2466" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "90d09d0d2d01500e0670277d0e8de574feecf7443cf4d077912b1166a9c14c43" score = 75 quality = 90 
@@ -10621,8 +10936,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Be41B34127Ca9E6270830D2070Db426 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2468-L2484" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2468-L2484" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b66c4b9264be70d53838442a3112c4bacbdf2dda90840d71c3eb949e630b3f17" score = 75 quality = 90 @@ -10645,8 +10960,8 @@ rule REVERSINGLABS_Cert_Blocklist_9B108B8A1Daa0D5581F59Fcee0447901 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2486-L2504" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2486-L2504" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "696e3da511f74f9cfb10b96130a36ae9f48c22f1e0deb76092db1262980ab3ac" score = 75 quality = 90 
@@ -10669,8 +10984,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F8203C430Fc7Db4E61F6684F6829Ffc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2506-L2522" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2506-L2522" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cd22d1beea12d1f6c50f69e76074c2582ce5567887056c43d4d6c87d33fce1bf" score = 75 quality = 90 @@ -10693,8 +11008,8 @@ rule REVERSINGLABS_Cert_Blocklist_6B6Daef5Be29F20Ddce4B0F5E9Fa6Ea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2524-L2540" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2524-L2540" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "edd2f302d2fac65f6a93372a24c3f80757f2b175af661032917366e9629c5491" score = 75 quality = 90 
@@ -10717,8 +11032,8 @@ rule REVERSINGLABS_Cert_Blocklist_57D6Dff1Ef96F01B9430666B2733Cc87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2542-L2558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2542-L2558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "40d22137e9c5345859c5f000166da2a3117bcfcc19b4c5e81083cad80dfa6ee4" score = 75 quality = 90 @@ -10741,8 +11056,8 @@ rule REVERSINGLABS_Cert_Blocklist_0166B65038D61E5435B48204Cae4795A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2560-L2576" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2560-L2576" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4e289eda4d5381250bcd6e36daade6f1e1803b6d16578d7eaee4454cef6981d0" score = 75 quality = 90 
@@ -10765,8 +11080,8 @@ rule REVERSINGLABS_Cert_Blocklist_784F226B45C3Bd8E4089243D747D1F59 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2578-L2594" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2578-L2594" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "df8ca35a07ec6815d1efb68fa6fbf8f80c57032ecb99d0b038da0604ceffe8cf" score = 75 quality = 90 @@ -10789,8 +11104,8 @@ rule REVERSINGLABS_Cert_Blocklist_11690F05604445Fae0De539Eeeeec584 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2596-L2612" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2596-L2612" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b66257f562f698559910eb9576f8fdf0ce3a750cc0a96a27e2ec1a18872ad13f" score = 75 quality = 90 
@@ -10813,8 +11128,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa146Bff4B832Bdbfe30B84580356763 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2614-L2632" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2614-L2632" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "37abe7a4fd773fd34f5d7dbe725ba4edcfb8ebb501dc41f386b8b0629161051f" score = 75 quality = 90 @@ -10837,8 +11152,8 @@ rule REVERSINGLABS_Cert_Blocklist_E86F46B60142092Aae81B8F6Fa3D9C7C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2634-L2652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2634-L2652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6de16a44bc84fbf8f1d3d82526e1d7f8fd4ae3da6deaa471c77d2c8df47a14b0" score = 75 quality = 90 
@@ -10861,8 +11176,8 @@ rule REVERSINGLABS_Cert_Blocklist_1A0Fd2A4Ef4C2A36Ab9C5E8F792A35E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2654-L2670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2654-L2670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8e768415998a6a92961986cb0a9d310514d928be93b3e5a9aaa9ec71bf5886ad" score = 75 quality = 90 @@ -10885,8 +11200,8 @@ rule REVERSINGLABS_Cert_Blocklist_53Bb753B79A99E61A6E822Ac52460C70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2672-L2688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2672-L2688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24ff4f46fa6e85c25e130459f9b8d6907cf6cd51098e0cf45ec11d54d7de509b" score = 75 quality = 90 
@@ -10909,8 +11224,8 @@ rule REVERSINGLABS_Cert_Blocklist_83F68Fc6834Bf8Bd2C801A2D1F1Acc76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2690-L2708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2690-L2708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "35552242f9f0a56b45e30e6f376877446f33e24690ff5d7b03dc776fab178afd" score = 75 quality = 90 @@ -10933,8 +11248,8 @@ rule REVERSINGLABS_Cert_Blocklist_F385E765Acfb95605C9B35Ca4C32F80E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2710-L2728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2710-L2728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c73c8f1913d3423a52f5e77751813460ae9200eb3cb1cc6e2ec30f37f0da8152" score = 75 quality = 90 
@@ -10957,8 +11272,8 @@ rule REVERSINGLABS_Cert_Blocklist_F62C9C4Efc81Caf0D5A2608009D48018 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2730-L2748" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2730-L2748" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "08fcff795297c0608b1a1d71465279cbf76d4dff06de2a2262a58debbb2f9e0d" score = 75 quality = 90 @@ -10981,8 +11296,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cc8D902Da36587C9B2113Cd76C3C3F8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2750-L2768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2750-L2768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "25e524d23ccc1c06f602a086369ffd44b8c97b76c29f068764081339556b3465" score = 75 quality = 90 
@@ -11005,8 +11320,8 @@ rule REVERSINGLABS_Cert_Blocklist_328Bdcc0F679C4649147Fbb3Eb0E9Bc6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2770-L2786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2770-L2786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6d9e1f25ca252ca9dda7714c52a2e57fd3b5dca08cd2a45c9dec18a31d3bb342" score = 75 quality = 90 @@ -11029,8 +11344,8 @@ rule REVERSINGLABS_Cert_Blocklist_5F78149Eb4F75Eb17404A8143Aaeaed7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2788-L2804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2788-L2804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0c7c9e8d2a9304e0407b8a1a29977312a9ba766a4052c6b874855fa187c85585" score = 75 quality = 90 
@@ -11053,8 +11368,8 @@ rule REVERSINGLABS_Cert_Blocklist_629D120Dd84F9C1688D4Da40366Fab7A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2806-L2822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2806-L2822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "187f6ef0de869500526d1b0d5c6f6762b0a939e06781e633a602834687c64023" score = 75 quality = 90 @@ -11077,8 +11392,8 @@ rule REVERSINGLABS_Cert_Blocklist_039E5D0E3297F574Db99E1D9503853D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2824-L2840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2824-L2840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2f150f60b7dce583fc68705f0b29a7c8684f1b69020275b2ec1ac6beeaa63952" score = 75 quality = 90 
@@ -11101,8 +11416,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc32Bbe5Bbb4F06F490C50651Cd5Da50 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2842-L2860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2842-L2860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "104be481b7d4b1cb3c43c72314afc3641983838b5177c34a88d6da0d0e7b89c9" score = 75 quality = 90 @@ -11125,8 +11440,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E1656Dfcaacfed7C2D2564355698Aa3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2862-L2878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2862-L2878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ba7cca8d71f571644cabd3d491cddefffd05ca7a838f262a343a01e4a09bb72a" score = 75 quality = 90 
@@ -11149,8 +11464,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Bf1D68E926E2Dd8966008C44F95Ea1C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2880-L2896" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2880-L2896" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "44b5aae8380e3590ebb6e2365e89b3827432e8330e5290dc8f8603a00bcf62f6" score = 75 quality = 90 @@ -11173,8 +11488,8 @@ rule REVERSINGLABS_Cert_Blocklist_149C12083C145E28155510Cfc19Db0Fe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2898-L2914" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2898-L2914" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f616fc470e223d65ac4c984394a38d566265ab37829ff566012de0a1527396c2" score = 75 quality = 90 
@@ -11197,8 +11512,8 @@ rule REVERSINGLABS_Cert_Blocklist_77E0117E8B2B8Faa84Bed961019D5Ef8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2916-L2932" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2916-L2932" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bea94b9da8c176f22a66fe7a4545dcc3a38f727a75a0bc7920d9aece8e24b9b7" score = 75 quality = 90 @@ -11221,8 +11536,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F3Feb4Baf377Aea90A463C5Dee63884 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2934-L2950" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2934-L2950" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "56c37e758db33aa40e9a2c1c5a4eb14c2c370f614e838d86bf20c64f79e2a746" score = 75 quality = 90 
@@ -11245,8 +11560,8 @@ rule REVERSINGLABS_Cert_Blocklist_3D2580E89526F7852B570654Efd9A8Bf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2952-L2968" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2952-L2968" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0f46fcfc8ee06756646899450daa254d3e5261bdc5c2339f20d01971608fff7b" score = 75 quality = 90 @@ -11269,8 +11584,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fffe432A53Ff03B9223F88Be1B83D9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2970-L2986" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2970-L2986" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e7dbe6b95877f9473661ccf26fa6e5142147609adfe0a9bb8b493875325710af" score = 75 quality = 90 
@@ -11293,8 +11608,8 @@ rule REVERSINGLABS_Cert_Blocklist_832E161Aea5206D815F973E5A1Feb3E7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L2988-L3006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L2988-L3006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "da908de031c78aa012809988e44dea564d32b88b65a2010925c1af85d578a68a" score = 75 quality = 90 @@ -11317,8 +11632,8 @@ rule REVERSINGLABS_Cert_Blocklist_09Aecea45Bfd40Ce7D62D7D711916D7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3008-L3024" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3008-L3024" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d1c6bfb10a244ba866c8aabdff6055388afa8096fd4bd77bb21f781794333e9b" score = 75 quality = 90 
@@ -11341,8 +11656,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Ff4Eda5Fa641E70162713426401F438 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3026-L3042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3026-L3042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58f5e163d9807520497ba55e42c048020f6b7653ed71f3954e7ffb490f4de0e4" score = 75 quality = 90 @@ -11365,8 +11680,8 @@ rule REVERSINGLABS_Cert_Blocklist_067Dffc5E3026Eb4C62971C98Ac8A900 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3044-L3060" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3044-L3060" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b7c4cded14afd8ba3feabb6debaa1317917b811b44e22aa8a0b3ea00d689141" score = 75 quality = 90 
@@ -11389,8 +11704,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Da219688E51Fd0Bfac2C891D56Cbb8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3062-L3080" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3062-L3080" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "03549214940a8689213bd2eb891da1c1991627c81c8b7f26860141c397409d46" score = 75 quality = 90 @@ -11413,8 +11728,8 @@ rule REVERSINGLABS_Cert_Blocklist_7289B0F9Bd641E3E352Dc3183F8De6Be : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3082-L3098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3082-L3098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "42b068e85b3aff5e6dd5ec4979f546dc5338ebf8719d86c0641ffb8353959af9" score = 75 quality = 90 
@@ -11437,8 +11752,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd7B7A8678A67181A54Bc7499Eba44Da : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3100-L3118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3100-L3118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1e26ea26890043be2c8b9c35ba2e6758b60fe173f00bf4c77cc5289ce0d5600" score = 75 quality = 90 @@ -11461,8 +11776,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ebbdd6Cdeda40Ca64513280Ecd625C54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3120-L3138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3120-L3138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1d419f2fe2a9bf744bdde48adc50e0bc48746f1576f96570385a2a1c9ba92d21" score = 75 quality = 90 
@@ -11485,8 +11800,8 @@ rule REVERSINGLABS_Cert_Blocklist_61Da676C1Dcfcf188276E2C70D68082E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3140-L3156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3140-L3156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4f8af4a5c9812e6559218e387e32bc02cb0adcd40d9d4963fefc929f6101ae9a" score = 75 quality = 90 @@ -11509,8 +11824,8 @@ rule REVERSINGLABS_Cert_Blocklist_767436921B2698Bd18400A24B01341B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3158-L3174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3158-L3174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "759bbbc5929463ad68d5dcd28b30401b9ff680f522172ed8d5d7dd3772e07587" score = 75 quality = 90 
@@ -11533,8 +11848,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E795531B3265510F935187Eca59920A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3176-L3192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3176-L3192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d597e88314f9f20283b40058dd74167d0d72f7518277a57f26c15e44b670b386" score = 75 quality = 90 @@ -11557,8 +11872,8 @@ rule REVERSINGLABS_Cert_Blocklist_8F40B1485309A064A28B96Bfa3F55F36 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3194-L3212" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3194-L3212" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58dd47bfd2acd698bc27fb03eb51e4b8598ef6c71f7193e3cc4eea63982855f0" score = 75 quality = 90 
@@ -11581,8 +11896,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2120Facadbb92Cc0A176759604C6A0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3214-L3232" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3214-L3232" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "08462b1bd3d45824aeea901a4db19365c28d8b8b0f594657df7a59250111729b" score = 75 quality = 90 @@ -11605,8 +11920,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F407Eb50803845Cc43937823E1344C0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3234-L3250" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3234-L3250" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4d5a2b0619be902d8a437f204ae1b87222c73d3186930809b1f694bad429aea8" score = 75 quality = 90 
@@ -11629,8 +11944,8 @@ rule REVERSINGLABS_Cert_Blocklist_6922Bb5De88E4127E1Ac6969E6A199F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3252-L3268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3252-L3268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "39dbaa232ea9125934b3682d780e3821d12e771f2b844d027d99a432fe249d9f" score = 75 quality = 90 @@ -11653,8 +11968,8 @@ rule REVERSINGLABS_Cert_Blocklist_73065Efa163B7901Fa1Ccb0A54E80540 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3270-L3286" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3270-L3286" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e420c37c04aa676c266a4c2c228063239815c173a83c39d426c5a674648f1934" score = 75 quality = 90 
@@ -11677,8 +11992,8 @@ rule REVERSINGLABS_Cert_Blocklist_4842Afad00904Ed8C98811E652Ccb3B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3288-L3304" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3288-L3304" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b5c7c13369c7b89f1ea5474de3644a12bf6412cb3fa8ade5b66de280fb10cbf" score = 75 quality = 90 @@ -11701,8 +12016,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A59A686B4A904D0Fca07153Ea6Db6Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3306-L3322" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3306-L3322" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7597b2ba870ec58ac0786a97fb92956406fe019c81f6176cc1a581988d3a9632" score = 75 quality = 90 
@@ -11725,8 +12040,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B6D8152F4A06Ba781C6677Eea5Ab74B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3324-L3340" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3324-L3340" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bd20cf8e4cab2117361dbe05ae2efe813e7f55667b1f3825cd893313d98dcb5f" score = 75 quality = 90 @@ -11749,8 +12064,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ad60Cea73E1Dd1A3E6C02D9B339C380 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3342-L3358" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3342-L3358" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fb83cf25be19e7cccd2c8369c3a37a90af72cb2f76db3619b8311d2a851335a8" score = 75 quality = 90 
@@ -11773,8 +12088,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Df2Dfed47C6Fd6542131847Cffbc102 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3360-L3376" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3360-L3376" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fc6adbfd45ff6ac465aecb3db862421f02170e977fc044017f3ddc306a9f7a37" score = 75 quality = 90 @@ -11797,8 +12112,8 @@ rule REVERSINGLABS_Cert_Blocklist_74Fedf0F8398060Fa8378C6D174465C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3378-L3394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3378-L3394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "406821c7990f05fdad91704f6418304f53dd4800bc4b41912177a1695858fade" score = 75 quality = 90 
@@ -11821,8 +12136,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bd6A5Bba28E7C1Ca44880159Dace237 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3396-L3412" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3396-L3412" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f885c782148947d09133a3cc65319e02204c21d6c6d911b360840f25f37601dc" score = 75 quality = 90 @@ -11845,8 +12160,8 @@ rule REVERSINGLABS_Cert_Blocklist_C04F8F1E00C69E96A51Bf14Aab1C6Ae0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3414-L3432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3414-L3432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c2b5ffa305b761b57dd91c0acea0d8f82bec6b7d3608be10a20ea63621f3f3e8" score = 75 quality = 90 
@@ -11869,8 +12184,8 @@ rule REVERSINGLABS_Cert_Blocklist_23F537Ce13C6Cccdfd3F8Ce81Fb981Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3434-L3450" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3434-L3450" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d347bce3eddd0cac276a7504955f0342ae44fd93d238e514af5b1fdc208b68fc" score = 75 quality = 90 @@ -11893,8 +12208,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Ecfdbb99Aec176Ddfcf7958D120E1A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3452-L3468" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3452-L3468" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d911156707cef97acf79c096b5d4a4db166ddf05237168f1ecffb0c0a2ebd8fa" score = 75 quality = 90 
@@ -11917,8 +12232,8 @@ rule REVERSINGLABS_Cert_Blocklist_675129Bb174A5B05E330Cc09F8Bbd70A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3470-L3486" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3470-L3486" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d989ea5233e8a64bffa0e29645c3458ef1f5173158ced7814c3b473b92ef49f4" score = 75 quality = 90 @@ -11941,8 +12256,8 @@ rule REVERSINGLABS_Cert_Blocklist_De13Fe2Dbb8F890287E1780Aff6Ffd22 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3488-L3504" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3488-L3504" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ebd983bcfa1e5d54af9d9e07d80d05f4752040eab92e63cd986db789fa07026f" score = 75 quality = 90 
@@ -11965,8 +12280,8 @@ rule REVERSINGLABS_Cert_Blocklist_Da000D18949C247D4Ddfc2585Cc8Bd0F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3506-L3524" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3506-L3524" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3453f13e633a2c233f78d0389c655bb5304e567407b3e0c5c47e5e7127c345ca" score = 75 quality = 90 @@ -11989,8 +12304,8 @@ rule REVERSINGLABS_Cert_Blocklist_06E842D3Ea6249D783D6B55E29C060C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3526-L3542" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3526-L3542" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9f71de0119527c8580f9e47e3fba07242814c5a537d727d4541fd7a802b0cb86" score = 75 quality = 90 
@@ -12013,8 +12328,8 @@ rule REVERSINGLABS_Cert_Blocklist_06473C3C19D9E1A9429B58B6Faec2967 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3544-L3560" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3544-L3560" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f9ca49ce65d213dce803806956c0ce1da0c4068bea173daae9cb06dab0a86268" score = 75 quality = 90 @@ -12037,8 +12352,8 @@ rule REVERSINGLABS_Cert_Blocklist_39F56251Df2088223Cc03494084E6081 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3562-L3578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3562-L3578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c87850f91758a5bb3bdf6f6d7de9a3f53077d64cebdde541ac0742d3cea4f4e0" score = 75 quality = 90 
@@ -12061,8 +12376,8 @@ rule REVERSINGLABS_Cert_Blocklist_1362E56D34Dc7B501E17Fa1Ac3C3E3D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3580-L3596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3580-L3596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0415c5a49076bab23dfc29ef2d6168b93d6bfde07a89ccb0368d2c967422407a" score = 75 quality = 90 @@ -12085,8 +12400,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B83593Fc78D92Cfaa9Bdf3F97383964 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3598-L3614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3598-L3614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "775e41fc102cbaeb9374984380b0e073de2a0075b9a200f8ab644bd1369ba015" score = 75 quality = 90 
@@ -12109,8 +12424,8 @@ rule REVERSINGLABS_Cert_Blocklist_C7505E7464E00Ec1Dccd8D1B466D15Ff : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3616-L3634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3616-L3634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7c5c84cb9071eff6a1bd7062506b807466bb4a432d1ed073961898c6c08cc4bd" score = 75 quality = 90 @@ -12133,8 +12448,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cbf91988Fb83511De1B3A7A520712E9C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3636-L3654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3636-L3654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5862a8ec43d2e545f36b815ada2bb31c4384a8161c6956a31f3bd517532923fd" score = 75 quality = 90 
@@ -12157,8 +12472,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ce3675Ae4Abfe688870Bcacb63060F4F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3656-L3674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3656-L3674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0c6f2ef55bef283a3f915fd8c1ced27c3c665f7f490caeea0f180c2d7fa2b2b5" score = 75 quality = 90 @@ -12181,8 +12496,8 @@ rule REVERSINGLABS_Cert_Blocklist_9813229Efe0046D23542Cc7569D5A403 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3676-L3694" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3676-L3694" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0d8f0df83572b8d31f29cb76f44d524fd1ae0467d2d99af959e45694524d18e8" score = 75 quality = 90 
@@ -12205,8 +12520,8 @@ rule REVERSINGLABS_Cert_Blocklist_86E5A9B9E89E5075C475006D0Ca03832 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3696-L3714" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3696-L3714" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5ba0b0f1b104eb11023590b8ef2b9cc747372bc9310a754694d45d3b3ce293e9" score = 75 quality = 90 @@ -12229,8 +12544,8 @@ rule REVERSINGLABS_Cert_Blocklist_075Dca9Ca84B93E8A89B775128F90302 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3716-L3732" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3716-L3732" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "32af21e71fb3475c50de4cd8a24fa0aec1ee67bc01c1a3720c12f9ce822833c3" score = 75 quality = 90 
@@ -12253,8 +12568,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ddce8Cdc91B5B649Bb4B45Ffbba6C6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3734-L3750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3734-L3750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "622e6ed08ca26908539519f37cf493f8030100bd5e88cb05e851b7d56b0f4c0d" score = 75 quality = 90 @@ -12277,8 +12592,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Bd614D5869Bb66C96B67E154D517384 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3752-L3770" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3752-L3770" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d9eea38a1340797cef129b12cf2bb46c444e6f312db7356260f0ac0d9e63183d" score = 75 quality = 90 
@@ -12301,8 +12616,8 @@ rule REVERSINGLABS_Cert_Blocklist_540Cea639D5D48669B7F2F64 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3772-L3788" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3772-L3788" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3d3774f10ff9949ea13a7892662438b84b3eb895fc986092649fa9b192170d48" score = 75 quality = 90 @@ -12325,8 +12640,8 @@ rule REVERSINGLABS_Cert_Blocklist_03A7748A4355020A652466B5E02E07De : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3790-L3806" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3790-L3806" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6dc6d0fd2b702939847981ff31c2d8103227ccd0c19f999849ff89c64a90f92f" score = 75 quality = 90 
@@ -12349,8 +12664,8 @@ rule REVERSINGLABS_Cert_Blocklist_B881A72D4117Bbc38B81D3C65C792C1A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3808-L3826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3808-L3826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bad2a06090f077ebc635d21446b47c9f115fe477567afb3d5994043f5a7883b1" score = 75 quality = 90 @@ -12373,8 +12688,8 @@ rule REVERSINGLABS_Cert_Blocklist_08653Ef2Ed9E6Ebb56Ffa7E93F963235 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3828-L3844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3828-L3844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5ae8d2fb03cd0f945c2f5eb86de4e5da4fbb1cdf233d8a808157304538ced872" score = 75 quality = 90 
@@ -12397,8 +12712,8 @@ rule REVERSINGLABS_Cert_Blocklist_9C4816D900A6Ecdbe54Adf72B19Ebcf5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3846-L3864" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3846-L3864" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "92e8130f444417d5bc3788721280338bbed33e3362104de0cf27bc7c1fc30d0e" score = 75 quality = 90 @@ -12421,8 +12736,8 @@ rule REVERSINGLABS_Cert_Blocklist_269174F9Fe7C6Ed4E1D19B26C3F5B35F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3866-L3882" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3866-L3882" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "95c9720d6311c2fe7026b6cac092d59967479e6c9382eac1d26f7745efa92860" score = 75 quality = 90 
@@ -12445,8 +12760,8 @@ rule REVERSINGLABS_Cert_Blocklist_523Fb4036368Dc26192D68827F2D889B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3884-L3900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3884-L3900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1886a046305637d335c493972560de56d8186bf99183aed5e2040b2e530fc22" score = 75 quality = 90 @@ -12469,8 +12784,8 @@ rule REVERSINGLABS_Cert_Blocklist_84F842F6D33Cd2F25B88Dd1710E21137 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3902-L3920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3902-L3920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5aad8e95d1306626b63d767fce4706104330dd776b75c09cc404227863564307" score = 75 quality = 90 
@@ -12493,8 +12808,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Fbcaa289Ba925B4E247809B6B028202 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3922-L3938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3922-L3938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c41a4f9ccda54b9735313edf9042b831e6eaca149c089f74a823cee6719e1064" score = 75 quality = 90 @@ -12517,8 +12832,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F2E8Effbb08C7Dbcc7A7F2D835457B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3940-L3956" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3940-L3956" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0b446641617d435c3d312592957e19c3d391b0149eafcf9ac2da51e8d9080eb4" score = 75 quality = 90 
@@ -12541,8 +12856,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aeba4C39306Fdd022849867801645814 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3958-L3976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3958-L3976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "82c149f1d8ef93a0df2035690c5cdca935236687bc36a35a84c3d6610eb6902c" score = 75 quality = 90 @@ -12565,8 +12880,8 @@ rule REVERSINGLABS_Cert_Blocklist_028D50Ae0C554B49148E82Db5B1C2699 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3978-L3994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3978-L3994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e3cc0066cad56d78a3f42e092befa3b0855b2ed33c8465c5ecbb19fec082d35e" score = 75 quality = 90 
@@ -12589,8 +12904,8 @@ rule REVERSINGLABS_Cert_Blocklist_684F478C7259Dde0Cfe2260112Ca9846 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L3996-L4012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L3996-L4012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "59654ba1df27029a04ef3b1a1bb54f6c15b727f2013923a11a729752b8829743" score = 75 quality = 90 @@ -12613,8 +12928,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B7C32208A954A483Dd102E1Be094867 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4014-L4030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4014-L4030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "49e2208a7d2b5684283c1dfc9856f864d16b50f951f58e0252c97419819a46ec" score = 75 quality = 90 
@@ -12637,8 +12952,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E72Daf2B9A4449E946009E5084A8E76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4032-L4048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4032-L4048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1a7bf6c18e0ebf8aef53feb7d7789ce87c96e00962c64e07a37d968702d2fa5" score = 75 quality = 90 @@ -12661,8 +12976,8 @@ rule REVERSINGLABS_Cert_Blocklist_11Edd343E21C36Ac985555D85C16135F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4050-L4066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4050-L4066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "17feeed4be074a30572eb12fc81dc15d1b06f2d3f7b4b4fb4443391c62ac4d9b" score = 75 quality = 90 
@@ -12685,8 +13000,8 @@ rule REVERSINGLABS_Cert_Blocklist_093Fe63D1A5F68F14Ecaac871A03F7A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4068-L4084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4068-L4084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "333c58a9af2d94604b637ab0a7280b6688a89ff73e30a93a8daed040fab7f620" score = 75 quality = 90 @@ -12709,8 +13024,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bb26B7B6634D5Db548C437B5085B01C1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4086-L4104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4086-L4104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58d574b196f84416eb04000205cd8f4817618003f2948bb0eb7d951c282ef6ff" score = 75 quality = 90 
@@ -12733,8 +13048,8 @@ rule REVERSINGLABS_Cert_Blocklist_29128A56E7B3Bfb230742591Ac8B4718 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4106-L4122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4106-L4122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5a89fec015e56ddddaed75be91a87288dcd27841937d26e3416187913c4f0b85" score = 75 quality = 90 @@ -12757,8 +13072,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bfbfdfef43608730Ee14779Ee3Ee2Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4124-L4140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4124-L4140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f8f233b78e9d3558b0cd7978e3c5fa32645a3bb706c6fdec7f1e4195cf513f10" score = 75 quality = 90 
@@ -12781,8 +13096,8 @@ rule REVERSINGLABS_Cert_Blocklist_62205361A758B00572D417Cba014F007 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4142-L4158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4142-L4158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ebf28921c81191bcf6130baf6532122bb320cc916e38ab225f0acdcb57ea00f3" score = 75 quality = 90 @@ -12805,8 +13120,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B47D18Dbea57Abd1563Ddf89F87A6C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4160-L4176" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4160-L4176" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2e464f4e9bfe0c9510a78552acffb241d2435ea9bf3f5f2501353d7f8f280d78" score = 75 quality = 90 
@@ -12829,8 +13144,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be41E2C7Bb2493044B9241Abb732599D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4178-L4196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4178-L4196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "eb5d94b80fd030d14dc26878895c61761825f3c77209ca0280e88dcd1800f9c2" score = 75 quality = 90 @@ -12853,8 +13168,8 @@ rule REVERSINGLABS_Cert_Blocklist_15C5Af15Afecf1C900Cbab0Ca9165629 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4198-L4214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4198-L4214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5c54f32dbac271b2b60ec40bd052b5566a512cd2bcb4255057b21262806882d2" score = 75 quality = 90 
@@ -12877,8 +13192,8 @@ rule REVERSINGLABS_Cert_Blocklist_476De2F108D20B43Ba3Bae6F331Af8F1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4216-L4232" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4216-L4232" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e5edf3e15b2139ba6cd85f2cfea63b53f7fa36a3fd7224a4a9ccbe5de6eb6f1d" score = 75 quality = 90 @@ -12901,8 +13216,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Ddcc67F8Cad6929607E4Cda29B3503 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4234-L4250" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4234-L4250" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4cd975312ca825b51f34f5c89184a56526877436224c1e7407d715b28ebfd9d5" score = 75 quality = 90 
@@ -12925,8 +13240,8 @@ rule REVERSINGLABS_Cert_Blocklist_052242Ace583Adf2A3B96Adcb04D0812 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4252-L4268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4252-L4268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e1593a2bf375912e411d5f19d9e232c6b87f0897bb6f1c0b0539380b34b05af5" score = 75 quality = 90 @@ -12949,8 +13264,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bebef5C533Ce92Efc402Fab8605C43Ec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4270-L4288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4270-L4288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "daa57ad622799467c60693060e6c9eea18bdf0bb26f178e8b03453aab486ccf4" score = 75 quality = 90 
@@ -12973,8 +13288,8 @@ rule REVERSINGLABS_Cert_Blocklist_1D3F39F481Fe067F8A9289Bb49E05A04 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4290-L4306" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4290-L4306" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2fdf8b59d302d2ce81a1e9a5715138adc1ec45bd86871c4c2e46412407e329f9" score = 75 quality = 90 @@ -12997,8 +13312,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Be35D025E65Cc7A4Ee01F72 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4308-L4324" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4308-L4324" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dad7ab834a67d36c0b63e45922aea566dc0aaf922be2b74161616b3caea83fdc" score = 75 quality = 90 
@@ -13021,8 +13336,8 @@ rule REVERSINGLABS_Cert_Blocklist_351Fe2Efdc0Ac56A0C822Cf8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4326-L4342" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4326-L4342" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "46b87c3531e01ba150f056ec3270564426363ef8c58256eeedbcab247c7625e4" score = 75 quality = 90 @@ -13045,8 +13360,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Cfbb4C69008821Aaacecde97Ee149Ab : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4344-L4362" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4344-L4362" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d74b13eeb5d0a57c5dd3257480230c504a68a8422e77a46bb2e101abb2c7f282" score = 75 quality = 90 
@@ -13069,8 +13384,8 @@ rule REVERSINGLABS_Cert_Blocklist_C04F5D17Af872Cb2C37E3367Fe761D0D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4364-L4382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4364-L4382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4a4d60aa3722a710fe23d5e11c55a28bfe721bb4e797b041d58f62a994487799" score = 75 quality = 90 @@ -13093,8 +13408,8 @@ rule REVERSINGLABS_Cert_Blocklist_02C5351936Abe405Ac760228A40387E8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4384-L4400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4384-L4400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5a990f8d1a3f467cdafa0f625bc162745d9201e15ce43fdc93cd6b1730572e89" score = 75 quality = 90 
@@ -13117,8 +13432,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ecd829Adcc55D9D6Afe30Dc371Ebda6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4402-L4420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4402-L4420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "02955f4df7deccab52cdd82fd04d5012db7440f85c87d750fa9f81ff85e2dab0" score = 75 quality = 90 @@ -13141,8 +13456,8 @@ rule REVERSINGLABS_Cert_Blocklist_B0167124Ca59149E64D292Eb4B142014 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4422-L4440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4422-L4440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "10d980d4a71dab4679376f5a6d6a6999e0b59af4f25587a7b8d1ef52a7808cc9" score = 75 quality = 90 
@@ -13165,8 +13480,8 @@ rule REVERSINGLABS_Cert_Blocklist_112613B7B5F696Cf377680F6463Fcc8C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4442-L4458" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4442-L4458" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "50fd35617e059a5fe9d9e0fdb4b880c20e406357bbb2d037f9e6e9db47b8e49f" score = 75 quality = 90 @@ -13189,8 +13504,8 @@ rule REVERSINGLABS_Cert_Blocklist_B3F906E5E6B2Cf61C5E51Be79B4E8777 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4460-L4478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4460-L4478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "037e154854c1128fb73d2221c2b7d7211d977492378614fcf4fde959207e34b3" score = 75 quality = 90 
@@ -13213,8 +13528,8 @@ rule REVERSINGLABS_Cert_Blocklist_566Ac16A57B132D3F64Dced14De790Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4480-L4496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4480-L4496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "48f4d334614f6c413907d51f4d6312554b13c4f5a3c03070ceba48baa13a8247" score = 75 quality = 90 @@ -13237,8 +13552,8 @@ rule REVERSINGLABS_Cert_Blocklist_D2Caf7908Aaebfa1A8F3E2136Fece024 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4498-L4516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4498-L4516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cf4d17274ef36d61e78578d34634bf6e5fb0fb857a9a92184916b0f3b8484568" score = 75 quality = 90 
@@ -13261,8 +13576,8 @@ rule REVERSINGLABS_Cert_Blocklist_E04A344B397F752A45B128A594A3D6B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4518-L4536" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4518-L4536" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0489577c6050f0c5d1dad5bda8c4f3c895902b932cd0324087712ccb83f14680" score = 75 quality = 90 @@ -13285,8 +13600,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Bcaed3Ef678F2F9Bf38D09E149B8D70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4538-L4554" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4538-L4554" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dbf85cbd1d92823287749dac312f95576900753f60a694347b31b1e3aaa288a8" score = 75 quality = 90 
@@ -13309,8 +13624,8 @@ rule REVERSINGLABS_Cert_Blocklist_56D576A062491Ea0A5877Ced418203A1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4556-L4572" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4556-L4572" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "19bd6834b432f3dc8786b449241082b359275559a112a8ef4a51efe185b256dc" score = 75 quality = 90 @@ -13333,8 +13648,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fcba260Df7Da602Ecf4D4D6Fc89D5Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4574-L4590" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4574-L4590" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4e9a3e516342820248ebf9b3605b8ce2dbf1d9b4255a5b74f7369dd2f1cdd9d8" score = 75 quality = 90 
@@ -13357,8 +13672,8 @@ rule REVERSINGLABS_Cert_Blocklist_4152169F22454Ed604D03555B7Afb175 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4592-L4608" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4592-L4608" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fbb2124b934c270739f564317526d5b23b996364372426485d7c994a83293866" score = 75 quality = 90 @@ -13381,8 +13696,8 @@ rule REVERSINGLABS_Cert_Blocklist_01C88Ccbd219500139D1Af138A9E898E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4610-L4626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4610-L4626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d1acb0a7d6e20158797e77c066be42548cee9293fa94f24f936a95977ac16d91" score = 75 quality = 90 
@@ -13405,8 +13720,8 @@ rule REVERSINGLABS_Cert_Blocklist_41D05676E0D31908Be4Dead3486Aeae3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4628-L4644" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4628-L4644" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c4905f02c74df6d05b3f9a6fe2c4f5f32a02bb10da4db929314be043be76d703" score = 75 quality = 90 @@ -13429,8 +13744,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Cff807Edaf368A60E4106906D8Df319 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4646-L4664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4646-L4664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6fc98519faf218d90bb4e01821e6014e009c0b525cfd3c906a64ef82bc20beda" score = 75 quality = 90 
@@ -13453,8 +13768,8 @@ rule REVERSINGLABS_Cert_Blocklist_A3E62Be1572293Ad618F58A8Aa32857F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4666-L4684" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4666-L4684" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f849898465bc651f19f6f1b54315c061466d8c5860ecf1a07f54c8c8292f6a95" score = 75 quality = 90 @@ -13477,8 +13792,8 @@ rule REVERSINGLABS_Cert_Blocklist_672D4428450Afcc24Fc60969A5063A3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4686-L4702" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4686-L4702" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8f5927e96109184bad7de4513994fd1021fe1cc5977e60fa72d808df95cb4516" score = 75 quality = 90 
@@ -13501,8 +13816,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df479E14A70C7970A4De3Dd3E4Bb0318 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4704-L4722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4704-L4722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "35b1f04cf5d5d1d89db537bf75737e3af5945e594f4d4231e9ae3e7fba52fc0d" score = 75 quality = 90 @@ -13525,8 +13840,8 @@ rule REVERSINGLABS_Cert_Blocklist_2924785Fd7990B2D510675176Dae2Bed : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4724-L4740" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4724-L4740" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e308ca5f24ed5811e947289caf9aa820a16b08ea183c7aa9826f8a726fb5c3cf" score = 75 quality = 90 
@@ -13549,8 +13864,8 @@ rule REVERSINGLABS_Cert_Blocklist_F4D2Def53Bccb0Dd2B7D54E4853A2Fc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4742-L4760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4742-L4760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9991f44b8e984bd79269c44999481258d94bec9c21b154b63c6c30ae52344b3c" score = 75 quality = 90 @@ -13573,8 +13888,8 @@ rule REVERSINGLABS_Cert_Blocklist_03Bf9Ef4Cf037A2385649026C3Da9D3E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4762-L4778" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4762-L4778" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "14196bad586b1349e6e8a1eb5621ce0d8d346ff8021c8ef80804de1533fd40d9" score = 75 quality = 90 
@@ -13597,8 +13912,8 @@ rule REVERSINGLABS_Cert_Blocklist_790177A54209D55560A55Db97C5900D6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4780-L4796" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4780-L4796" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "07c8e21fe604b481beebae784eb49e32bebee70e749581a55313bfbc757752e2" score = 75 quality = 90 @@ -13621,8 +13936,8 @@ rule REVERSINGLABS_Cert_Blocklist_048F7B5F67D8E2B3030F75Eb7Be2713D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4798-L4814" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4798-L4814" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6d1b47f3c9d7b90a5470f83a848adeebff2cf9341a1eb41ca8b45d08b469b17f" score = 75 quality = 90 
@@ -13645,8 +13960,8 @@ rule REVERSINGLABS_Cert_Blocklist_082023879112289Bf351D297Cc8Efcfc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4816-L4832" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4816-L4832" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58bec160445765ce45a26bf9d96ba6cfe61eee31e0953009d40a7ec64920c677" score = 75 quality = 90 @@ -13669,8 +13984,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D53690631Dd186C56Be9026Eb931Ae2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4834-L4850" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4834-L4850" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3d0a80c062800f935fa3837755e8a91245e01a4e2450a05fecab5564cb62c15c" score = 75 quality = 90 
@@ -13693,8 +14008,8 @@ rule REVERSINGLABS_Cert_Blocklist_32119925A6Ce4710Aecc4006C28E749F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4852-L4868" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4852-L4868" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ca812cdfbb7ca984fae1e16159eb0eeb1e65767fcc6aa07eeb84966853146f9d" score = 75 quality = 90 @@ -13717,8 +14032,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C90Eaf4De3Afc03Ba924C719435C2A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4870-L4888" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4870-L4888" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5bb78a5e39f9d023cf63edabdc83d4965fc79f6f04f9fea9bcf2a53223fbd4ca" score = 75 quality = 90 
@@ -13741,8 +14056,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aff762E907F0644E76Ed8A7485Fb12A1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4890-L4908" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4890-L4908" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ad05389e0eb30cb894b03842d213b8c956f66357a913c73d8d8b79f8336bf980" score = 75 quality = 90 @@ -13765,8 +14080,8 @@ rule REVERSINGLABS_Cert_Blocklist_D8530214Ca0F512946496B5164C61201 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4910-L4928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4910-L4928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "377962915586c9f5a5737c24b698c96efc2e819e52ee16109c405f9af2d57e7f" score = 75 quality = 90 
@@ -13789,8 +14104,8 @@ rule REVERSINGLABS_Cert_Blocklist_661Ba8F3C9D1B348413484E9A49502F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4930-L4948" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4930-L4948" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4840b311c1e2c0ae14bb2cf6fa8d96ab1a434ceac861db540697f3aed1a6833f" score = 75 quality = 90 @@ -13813,8 +14128,8 @@ rule REVERSINGLABS_Cert_Blocklist_51Aead5A9Ab2D841B449Fa82De3A8A00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4950-L4966" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4950-L4966" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e53095aab9d6c2745125e8cd933334ebc2e51a9725714d31a46baa74b8e42ed9" score = 75 quality = 90 
@@ -13837,8 +14152,8 @@ rule REVERSINGLABS_Cert_Blocklist_03B630F9645531F8868Dae8Ac0F8Cfe6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4968-L4984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4968-L4984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6d2f4346760bf52a438c4c996e92a2641bebfd536248776383d7c8394e094e6a" score = 75 quality = 90 @@ -13861,8 +14176,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F8373Cf89F1B49138F4328118487F9E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L4986-L5002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L4986-L5002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f926c2f73d47d463721a0cad48d9866192df55d71867941a40cba7e0b7725102" score = 75 quality = 90 
@@ -13885,8 +14200,8 @@ rule REVERSINGLABS_Cert_Blocklist_E38259Cf24Cc702Ce441B683Ad578911 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5004-L5022" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5004-L5022" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2428df14a18f4aed1a3db85c1fb43a847fae8a922c6dc948f3bc514dc4cae09c" score = 75 quality = 90 @@ -13909,8 +14224,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bdc81Bc76090Dae0Eee2E1Eb744A4F9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5024-L5042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5024-L5042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4fc3e57bedb6fb7c96e6a1ee2ad2aec3860716ac714d52ea58b86be4bbda4660" score = 75 quality = 90 
@@ -13933,8 +14248,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2E730B0526F36Faf7D093D48D6D9997 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5044-L5062" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5044-L5062" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f74cc94428d7739abf6ee76f6cbd53aa47cea815a014de0d786fe53b15f66201" score = 75 quality = 90 @@ -13957,8 +14272,8 @@ rule REVERSINGLABS_Cert_Blocklist_7156Ec47Ef01Ab8359Ef4304E5Af1A05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5064-L5080" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5064-L5080" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7bb093287dd309ce12859eca9a9fc98095b3d52ec860626fe6e743bace262fde" score = 75 quality = 90 
@@ -13981,8 +14296,8 @@ rule REVERSINGLABS_Cert_Blocklist_13794371C052Ec0559E9B492Abb25C26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5082-L5098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5082-L5098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7383d1fb1fa6e49f8fa9e1eecfe3fcedb8a11702fbd3700630a11b12da29fedf" score = 75 quality = 90 @@ -14005,8 +14320,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C7E78F53C31D6Aa5B45De14B47Eb5C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5100-L5116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5100-L5116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7521abc5c93f0336af4fab95268962aa3d3fb48fed6a8ba7fdb98e373158b327" score = 75 quality = 90 
@@ -14029,8 +14344,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dadf44E4046372313Ee97B8E394C4079 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5118-L5136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5118-L5136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "170533935b91776ec2413106c55ed4a01c33f32a469a855824cac796f2e132a0" score = 75 quality = 90 @@ -14053,8 +14368,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8C2E08438Bb0E9Adc955E4B493E5821 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5138-L5156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5138-L5156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5dbe554032c945c46ffd61ef1e0deb59d396a70dd63994bf44c65d849ec8220a" score = 75 quality = 90 
@@ -14077,8 +14392,8 @@ rule REVERSINGLABS_Cert_Blocklist_70E1Ebd170Db8102D8C28E58392E5632 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5158-L5174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5158-L5174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e1738eddc1da0876a373ee7f35bff155d56c1b98a23cb117c0e7a966f8fa3c92" score = 75 quality = 90 @@ -14101,8 +14416,8 @@ rule REVERSINGLABS_Cert_Blocklist_09C89De6F64A7Fdf657E69353C5Fdd44 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5176-L5192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5176-L5192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1cb57cd68cda91754307d2e4d94ea011975bbfff0f15134081a5aa11870b0db1" score = 75 quality = 90 
@@ -14125,8 +14440,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ffff2Ce862378B26440Df49Ca9175B70 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5194-L5212" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5194-L5212" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8ed7b0643b07ce4954f570157e1534ee1ed647717cce00fe7f2b572c9b5d0042" score = 75 quality = 90 @@ -14149,8 +14464,8 @@ rule REVERSINGLABS_Cert_Blocklist_3223B4616C2687C04865Bee8321726A8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5214-L5230" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5214-L5230" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fcb0a14866b3612c5ec5a7db7a3333e20a4605695b3d019eef84de85d7b3ea4d" score = 75 quality = 90 
@@ -14173,8 +14488,8 @@ rule REVERSINGLABS_Cert_Blocklist_7709D2Df39E9A4F7Db2F3Cbc29B49743 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5232-L5248" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5232-L5248" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c9ade45e0f9fb737a08ffa94d1fff89471a1cbcbacc139730fab88e382226d0b" score = 75 quality = 90 @@ -14197,8 +14512,8 @@ rule REVERSINGLABS_Cert_Blocklist_E29690E14518874D2Dcf00234Ae94F1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5250-L5268" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5250-L5268" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ef84815798b213dc49a142e3076cc6dd680dccabe72643fc86234024a46468f9" score = 75 quality = 90 
@@ -14221,8 +14536,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfac705C7E6845904F99995324F7562C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5270-L5288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5270-L5288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "68bcfe60c2e7154f427c20d0471ede99e55c8200149a4438d5a2a75982fcd419" score = 75 quality = 90 @@ -14245,8 +14560,8 @@ rule REVERSINGLABS_Cert_Blocklist_A7989F8Be0C82D35A19E7B3Dd4Be30E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5290-L5308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5290-L5308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a50129908a471e6692bcf663abd5ef52861d4a46fdf528f39efe816ee6150edf" score = 75 quality = 90 
@@ -14269,8 +14584,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fa13Ae98E17Ae23Fcfe7Ae873D0C120 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5310-L5326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5310-L5326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "415f39f82b6a45acd196ccf246ec660806a8d66c61df8c7d2850e5b244118d04" score = 75 quality = 90 @@ -14293,8 +14608,8 @@ rule REVERSINGLABS_Cert_Blocklist_3696883055975D571199C6B5D48F3Cd5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5328-L5344" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5328-L5344" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d6f77b9ca928167341a35b83e353886d4db8dfcecf45cde0f0f93d65059b5200" score = 75 quality = 90 
@@ -14317,8 +14632,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ee678930D5Bdfaa2Ab0172Fa4C10Ae07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5346-L5364" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5346-L5364" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1e254450fdbe94172a4fa2d2727c3ade5ae436cf4c0c1153a15e9a2f64f2452" score = 75 quality = 90 @@ -14341,8 +14656,8 @@ rule REVERSINGLABS_Cert_Blocklist_D7C432E8D4Edef515Bfb9D1C214Ff0F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5366-L5384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5366-L5384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "63741513f3ab2f51ecd66dc973239c9dc194b86504fe26b2dd4a7f31299e5497" score = 75 quality = 90 
@@ -14365,8 +14680,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B440A47E8Ce3Dd202271E5C7A666C78 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5386-L5402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5386-L5402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "eb4387d58e391c356ed774d8c13bb4bbb2befed585bb44674459d3ef519aec58" score = 75 quality = 90 @@ -14389,8 +14704,8 @@ rule REVERSINGLABS_Cert_Blocklist_B82C6553B2186C219797621Aaa233Edb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5404-L5422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5404-L5422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "72e3e1740a4adc4315d2dd9c9f7b8cee2d89c3006014dec663b70d3419f43ca3" score = 75 quality = 90 
@@ -14413,8 +14728,8 @@ rule REVERSINGLABS_Cert_Blocklist_F360F7Ad0Ed065Fec0B44F98E04481A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5424-L5442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5424-L5442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2a25f1121f492dec461e570ff56acb0e3957cdf9100002f2ff0b6c3d3b35fee5" score = 75 quality = 90 @@ -14437,8 +14752,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fe41941464B9992A69B7317418Ae8Eb7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5444-L5462" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5444-L5462" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bd5131f2b44deec6a7a68577b80ef4d066c331da2976539ce52ac6cff8d5560e" score = 75 quality = 90 
@@ -14461,8 +14776,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C14B611A44A1Bae0E8C7581651845B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5464-L5480" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5464-L5480" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7f6028181e33e4ba8264ee367169e7259e19ff49dcae9a337a4ba78c06b459e6" score = 75 quality = 90 @@ -14485,8 +14800,8 @@ rule REVERSINGLABS_Cert_Blocklist_690910Dc89D7857C3500Fb74Bed2B08D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5482-L5498" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5482-L5498" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c5da6238279296854eb95ecaed802f453e80c6bceb71c3fa587df0f7d40cf96" score = 75 quality = 90 
@@ -14509,8 +14824,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd41E6Bd7428D3008C8A05F68C9Ac6F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5500-L5518" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5500-L5518" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e387664dc9aa746e127b4efb2ef43675f8fb6df66e99d33ef765e8fa306a4f18" score = 75 quality = 90 @@ -14533,8 +14848,8 @@ rule REVERSINGLABS_Cert_Blocklist_C7079866C0E48B01246Ba0C148E70D4D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5520-L5538" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5520-L5538" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cc144760e0ca21fd98b55ac222db540900def61f54e9644f8cab5f711ec7bf24" score = 75 quality = 90 
@@ -14557,8 +14872,8 @@ rule REVERSINGLABS_Cert_Blocklist_D591Da22F33C800A7024Aecff2Cd6C6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5540-L5558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5540-L5558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "30e421d5ea3c5693c5c9bd0e3dd997ceda9755d17e3fb16d2a8e6c4a327ae32f" score = 75 quality = 90 @@ -14581,8 +14896,8 @@ rule REVERSINGLABS_Cert_Blocklist_B36E0F2053Caee9C3B966F7Be0B40Fc3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5560-L5578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5560-L5578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2444c78aefdb9e8c8004598a318db016d7e781ede6da2ba3ee85316456c3e77b" score = 75 quality = 90 
@@ -14605,8 +14920,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B320A2F46C99C1Ba1357Bee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5580-L5596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5580-L5596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "12797f80bce9d64c6c07e185aa309a0c4f910835745a7f2cc1874fb1211624d8" score = 75 quality = 90 @@ -14629,8 +14944,8 @@ rule REVERSINGLABS_Cert_Blocklist_08D4352185317271C1Cec9D05C279Af7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5598-L5614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5598-L5614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b240962ab23729b241413ed1e53ac6541bf6b8a673c57522efd0cfe0c7eb9dd4" score = 75 quality = 90 
@@ -14653,8 +14968,8 @@ rule REVERSINGLABS_Cert_Blocklist_B514E4C5309Ef9F27Add05Bedd4339A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5616-L5634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5616-L5634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "665b280218528bbe3d5c65d043266469e5288587ed9d85d01797bef7ce132a6f" score = 75 quality = 90 @@ -14677,8 +14992,8 @@ rule REVERSINGLABS_Cert_Blocklist_13C7B92282Aae782Bfb00Baf879935F4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5636-L5652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5636-L5652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d4edbb446a51e5153ba88d6757d5fb610303eac3fd4bdd3b987b508dc618d2dc" score = 75 quality = 90 
@@ -14701,8 +15016,8 @@ rule REVERSINGLABS_Cert_Blocklist_D627F1000D12485995514Bfbdefc55D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5654-L5672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5654-L5672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7ca590d71997879d17054a936238dd5273a52f3438d1b231a75927abfb118ffd" score = 75 quality = 90 @@ -14725,8 +15040,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fb6Bae8834Edd8D3D58818Edc86D7D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5674-L5690" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5674-L5690" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a8cec0479bfd53f34e291d56538187c05375e80d20af7f0af08f0db8e1d6ed22" score = 75 quality = 90 
@@ -14749,8 +15064,8 @@ rule REVERSINGLABS_Cert_Blocklist_E5Ad42C509A7C24605530D35832C091E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5692-L5710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5692-L5710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2d57d1c171734d0da167ce7eba47aecd88cd15063488d79659804c6c2fae00a2" score = 75 quality = 90 @@ -14773,8 +15088,8 @@ rule REVERSINGLABS_Cert_Blocklist_8E3D89C682F7C0Dad70110Cb7B7C8263 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5712-L5730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5712-L5730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a0f42c5492469e7f132b000aead2d674fed4ea9c0e168579fd55a6c89b45ae4d" score = 75 quality = 90 
@@ -14797,8 +15112,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ef2D35F2Ae82A767A16Be582Ab0D1Ba0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5732-L5750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5732-L5750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0709290aeb18bcb855518e150c2768c24ab311f5c727cdc4c40145b879ff88b6" score = 75 quality = 90 @@ -14821,8 +15136,8 @@ rule REVERSINGLABS_Cert_Blocklist_039668034826Df47E6207Ec9Daed57C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5752-L5768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5752-L5768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "792860feec6e599ba22ae3869ef132cf5b7be2e0572e23503e293444fd7c382d" score = 75 quality = 90 
@@ -14845,8 +15160,8 @@ rule REVERSINGLABS_Cert_Blocklist_07Bb6A9D1C642C5973C16D5353B17Ca4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5770-L5786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5770-L5786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b98dcd4f0ebe870a9dad55cac5b0db81be6062216337b75a74a0aff8436df57f" score = 75 quality = 90 @@ -14869,8 +15184,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A1Dc99E4D5264C45A5090F93242A30A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5788-L5804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5788-L5804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1985c9c4f4a93c3088eaec3031df93cf87a9d7ee36b94322330caf3c21982f3c" score = 75 quality = 90 
@@ -14893,8 +15208,8 @@ rule REVERSINGLABS_Cert_Blocklist_018093Cfad72Cdf402Eecbe18B33Ec71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5806-L5822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5806-L5822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ac398ef89e691158742598777c320832a750a7410904448778afc7ef3c63c255" score = 75 quality = 90 @@ -14917,8 +15232,8 @@ rule REVERSINGLABS_Cert_Blocklist_569E03988Af60D80Ce60728940850D9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5824-L5842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5824-L5842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3ea894d9e088c2123f9ec87cbf097e2275fae18cad26e926641fe64921808b1e" score = 75 quality = 90 
@@ -14941,8 +15256,8 @@ rule REVERSINGLABS_Cert_Blocklist_418F6D959A8A0F82Bef07Ceba3603E52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5844-L5862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5844-L5862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6c13c5e85d6e053319193d1d94f216eeec64405c86d15971419078a1ce6c8ac9" score = 75 quality = 90 @@ -14965,8 +15280,8 @@ rule REVERSINGLABS_Cert_Blocklist_5378C5Bbeba0D3309A35Bb47F63037F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5864-L5882" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5864-L5882" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a96acf93ca6da4d3bf5177b51996825cd3ea70443577622deccdd11fde579c31" score = 75 quality = 90 
@@ -14989,8 +15304,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bab6A2Aa84B495D9E554A4C42C0126D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5884-L5900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5884-L5900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "79b6df421c78fd3e2f05a60f7d875e02519297a0278614c9f63dff8b1b2a2d18" score = 75 quality = 90 @@ -15013,8 +15328,8 @@ rule REVERSINGLABS_Cert_Blocklist_6314001C3235Cd59Bcc3F5278C518804 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5902-L5918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5902-L5918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4320f3884c0f7e4939e8988a4e83b8028a5e01fb425ae4faa2273134db835813" score = 75 quality = 90 
@@ -15037,8 +15352,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ed8Ade5D73B73Dade6943D557Ff87E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5920-L5936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5920-L5936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7796b6e7da900be8634e7f1e51cda1275ab1e7c2709af7ecaa8777ab0b518494" score = 75 quality = 90 @@ -15061,8 +15376,8 @@ rule REVERSINGLABS_Cert_Blocklist_0292C7D574132Ba5C0441D1C7Ffcb805 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5938-L5954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5938-L5954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d2bcf72f4c5829d161bc40e820eb0b1a85deaa49b749422d5429e27b7fb2b1fe" score = 75 quality = 90 
@@ -15085,8 +15400,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F23F001458716D435Cca1A55D660Ec5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5956-L5972" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5956-L5972" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bacfb4b7900ab57d23474e0422bd74fff113296b8db37e8eae3bd456443d28d6" score = 75 quality = 90 @@ -15109,8 +15424,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E0Ccbdfb4777E10Ea6221B90Dc350C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5974-L5990" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5974-L5990" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "08a1ff7cc3a7680fdbb3235a7b46709cd4ba530a9afeab4344671db9fe893cc4" score = 75 quality = 90 
@@ -15133,8 +15448,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ed1847A2Ae5D71Def1E833Fddd33D38 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L5992-L6008" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L5992-L6008" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ec5eb8ff1f630284fabfba5c58dd563d471343ace718f79dad08cfe75c3070d" score = 75 quality = 90 @@ -15157,8 +15472,8 @@ rule REVERSINGLABS_Cert_Blocklist_97Df46Acb26B7C81A13Cc467B47688C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6010-L6028" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6010-L6028" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6f6e0e175caee83eaec2dacedaf564b642195a8815cfd0d4564f581070b0c545" score = 75 quality = 90 
@@ -15181,8 +15496,8 @@ rule REVERSINGLABS_Cert_Blocklist_186D49Fac34Ce99775B8E7Ffbf50679D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6030-L6046" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6030-L6046" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0444a5052ee384451ebd85918bbc6bf6d6a75334899a63a8b5828ef06cb9c7ca" score = 75 quality = 90 @@ -15205,8 +15520,8 @@ rule REVERSINGLABS_Cert_Blocklist_B1Aea98Bf0Ce789B6C952310F14Edde0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6048-L6066" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6048-L6066" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6e78750d6aca91e9e6d8f2651a5682ccdab5cd20ee3a74e1f8582eb7bc45d614" score = 75 quality = 90 
@@ -15229,8 +15544,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Dcd0699Da08915Dde6D044Cb474157C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6068-L6084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6068-L6084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e1a3f27b8b9b642fe1ca73ec54d225f4470b53d0d06f2eea55ad1ad43ec67b39" score = 75 quality = 90 @@ -15253,8 +15568,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B03Cabe6A0481F17A2Dbeb9Aefad425 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6086-L6102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6086-L6102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6986e7bd90842647ec6a168c30dca2d5ae8ae5b1c1014f966dd596a78859ac6e" score = 75 quality = 90 
@@ -15277,8 +15592,8 @@ rule REVERSINGLABS_Cert_Blocklist_64Cd303Fa289790Afa03C403E9240002 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6104-L6120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6104-L6120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f51556a8a12affbd7f7633bf8daa50e6332fa3d3448ea08853cf8ed28e593680" score = 75 quality = 90 @@ -15301,8 +15616,8 @@ rule REVERSINGLABS_Cert_Blocklist_07Cef66A71C35Bc3Aed6D100C6493863 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6122-L6138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6122-L6138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e741fc13fe4d03b145ed1d86e738b415a7260eae5b0908c6991c9ea9896f14cf" score = 75 quality = 90 
@@ -15325,8 +15640,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be77Fe5C58B7A360Add6A3Fced4E8334 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6140-L6158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6140-L6158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cea0d217206562c0045843405802d3b2fad01bdb2a4cfb52057625b43f5f8eee" score = 75 quality = 90 @@ -15349,8 +15664,8 @@ rule REVERSINGLABS_Cert_Blocklist_F097E59809Ae2E771B7B9Ae5Fc3408D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6160-L6178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6160-L6178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9e23ff26d3e1ea181e48fc23383e3717804858bc517a31ec508fa0753730c78e" score = 75 quality = 90 
@@ -15373,8 +15688,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Cf1Ed2A6Ff4Bee621Efdf725Ea174B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6180-L6196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6180-L6196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7030c122905105c72833cfcb41692bd9a67cf456e3309afce0b8f9e65c6aa5c1" score = 75 quality = 90 @@ -15397,8 +15712,8 @@ rule REVERSINGLABS_Cert_Blocklist_1249Aa2Ada4967969B71Ce63Bf187C38 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6198-L6214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6198-L6214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f84568cfe6304af0307a34bfed6dd346a74e714005b5e6f22a354b14f853ec65" score = 75 quality = 90 
@@ -15421,8 +15736,8 @@ rule REVERSINGLABS_Cert_Blocklist_D59A05955A4A421500F9561Ce983Aac4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6216-L6234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6216-L6234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7ed87a03f20872669369cc3cad4eae40ba597f06222194bd67262c094083ec1" score = 75 quality = 90 @@ -15445,8 +15760,8 @@ rule REVERSINGLABS_Cert_Blocklist_539015999E304A5952985A994F9C3A53 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6236-L6252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6236-L6252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "feeb1710bd5b048c689a2e45575529624cd1622dcc73db8fe7de6c133fdc5698" score = 75 quality = 90 
@@ -15469,8 +15784,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B1926A5E8Ae50A0Efa504F005F93869 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6254-L6270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6254-L6270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1cbdf39a873c83d2b55723215fb4930a3ce23b6cab2d71a6cd5f16b2721e30f9" score = 75 quality = 90 @@ -15493,8 +15808,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A23B660E7322E54D7Bd0E5Acc890966 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6272-L6288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6272-L6288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "17996dd0ec81623dbd4eeea98f9bbe37c11c911ca840833ecb9301bb0a9ddb52" score = 75 quality = 90 
@@ -15517,8 +15832,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Cfa5050C819C4Acbb8Fa75979688Dff : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6290-L6308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6290-L6308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cffc234be78446191dd5f5990db9f17c7e28eeaa3e16f1eb8ad4ed1e58fdc25e" score = 75 quality = 90 @@ -15541,8 +15856,8 @@ rule REVERSINGLABS_Cert_Blocklist_044E05Bb1A01A1Cbb50Cfb6Cd24E5D6B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6310-L6326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6310-L6326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "40c80d3b6bedb0b3454e14501745a6e82b6ea9ac202748867a2e937fb79c6f6c" score = 75 quality = 90 
@@ -15565,8 +15880,8 @@ rule REVERSINGLABS_Cert_Blocklist_B7F19B13De9Bee8A52Ff365Ced6F67Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6328-L6346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6328-L6346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a8d2a92b44cdd7b123907a6a77ba0fc9fde4961f9ac846b36f1e87730a1efae6" score = 75 quality = 90 @@ -15589,8 +15904,8 @@ rule REVERSINGLABS_Cert_Blocklist_B61B8E71514059Adc604Da05C283E514 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6348-L6366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6348-L6366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1255cef74082c9cad41ac8e7d62e740f69e6ba44171bb45655a68ee5db204e57" score = 75 quality = 90 
@@ -15613,8 +15928,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ece6Cbf67Dc41635A5E5D075F286Af23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6368-L6386" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6368-L6386" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f560e6f4a65eaac8db1d8accb0748de17048e66ccf989468e6350a3ec1d70dc8" score = 75 quality = 90 @@ -15637,8 +15952,8 @@ rule REVERSINGLABS_Cert_Blocklist_014A98D697B44F43Ded21F18Eb6Ad0Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6388-L6404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6388-L6404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9f1cc61b944974696113912bc1d1a0b45b9911fa4d6de382a48c0d22d2d20953" score = 75 quality = 90 
@@ -15661,8 +15976,8 @@ rule REVERSINGLABS_Cert_Blocklist_063A7D09107Eddd8Aa1F733634C6591B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6406-L6422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6406-L6422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "19f11e1d9ce95eb4bc75387a0118c230388a13cd07b02e00ea1d65cdcc0b2bd7" score = 75 quality = 90 @@ -15685,8 +16000,8 @@ rule REVERSINGLABS_Cert_Blocklist_1E74Cfe7De8C5F57840A61034414Ca9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6424-L6442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6424-L6442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d82220d908283f1707ec15882503b02cb8dc80095279a9e7d6cbdd113c25d8ae" score = 75 quality = 90 
@@ -15709,8 +16024,8 @@ rule REVERSINGLABS_Cert_Blocklist_75Cf729F8A740Bbdef183A1C4D86A02F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6444-L6460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6444-L6460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "691fadaa653ecd29e60f2db39b7c5154d7c85f388f72eccd0a4b5fe42eaee0dd" score = 75 quality = 90 @@ -15733,8 +16048,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F64677254D3844Efdac2922123D05D1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6462-L6478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6462-L6478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f9f1f629e03563ece0fe5186b199e2f030dce7f58fb259de1aeb7387c76fa902" score = 75 quality = 90 
@@ -15757,8 +16072,8 @@ rule REVERSINGLABS_Cert_Blocklist_32Fbf8Cfa43Dca3F85Efabe96Dfefa49 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6480-L6496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6480-L6496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "73d80e6a0dc2316524a55a9627792b9b4488d238ef529f1767de182956b0865e" score = 75 quality = 90 @@ -15781,8 +16096,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ef9D0Cf071D463Cd63D13083046A7B8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6498-L6516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6498-L6516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2923979811504f78a79a2480600285a2697845e51870a44ed231a81e79807121" score = 75 quality = 90 
@@ -15805,8 +16120,8 @@ rule REVERSINGLABS_Cert_Blocklist_115Cf1353A0E33E19099A4867A4C750A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6518-L6536" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6518-L6536" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2a3353c655531b113dc019a86288310881e3bbcb6c03670a805f22b185e09e6c" score = 75 quality = 90 @@ -15829,8 +16144,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Cf3778Bb11115A884E192A7Cb807599 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6538-L6556" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6538-L6556" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4242ef4a30bb09463ec5a6df9367915788a2aa782df6c463bcf966d2aad63c1d" score = 75 quality = 90 
@@ -15853,8 +16168,8 @@ rule REVERSINGLABS_Cert_Blocklist_82Cb93593B658100Cdd7A00C874287F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6558-L6576" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6558-L6576" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c77881e0365c9fc398097d0b6e077330a5f0fcbb53279bfde96b3c01df914c55" score = 75 quality = 90 @@ -15877,8 +16192,8 @@ rule REVERSINGLABS_Cert_Blocklist_9A8Bcfd05F86B15D0C99F50Cf414Bd00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6578-L6596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6578-L6596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "803d70dddeff51b753b577ea196b12570847c6875ae676a2d12cf1ca9323be34" score = 75 quality = 90 
@@ -15901,8 +16216,8 @@ rule REVERSINGLABS_Cert_Blocklist_95E5793F2Abe0B4Ec9Be54Fd24F76Ae5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6598-L6616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6598-L6616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bd198665ae952e11c91adc329908e3cd55a55365875200cd81d2f71fd092f1fe" score = 75 quality = 90 @@ -15925,8 +16240,8 @@ rule REVERSINGLABS_Cert_Blocklist_133565779808C3B79D8E3F70A9C3Ffac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6618-L6634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6618-L6634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b9fb2e3cc150b0278e67c673f7c01174c30b2cc4458c9c5e573661071795b793" score = 75 quality = 90 
@@ -15949,8 +16264,8 @@ rule REVERSINGLABS_Cert_Blocklist_7E0Ccda0Ef37Acef6C2Ebe4538627E5C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6636-L6654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6636-L6654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f13f9b70a2a3187522e4fff45a8a425863ad6242f82592aa9319c8d5fddeeefa" score = 75 quality = 90 @@ -15973,8 +16288,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bad35Fd70025D46C56B89E32B1A3954C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6656-L6674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6656-L6674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1020250fc5030e50bc1e7d0f0c5a77e462a53f47bfcc4383c682b34fed567492" score = 75 quality = 90 
@@ -15997,8 +16312,8 @@ rule REVERSINGLABS_Cert_Blocklist_7B91468122273Aa32B7Cfc80C331Ea13 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6676-L6692" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6676-L6692" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "49d6fd8b325df4bc688275a09cee35e1040172eb6f3680aa2b6f0f3640c0782e" score = 75 quality = 90 @@ -16021,8 +16336,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E267B5D14Cdf1F645C1Ec545Cec3Aee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6694-L6710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6694-L6710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e36ae57d715a71aa7d26dd003d647dfa7ab16d64e5411b6c49831544fc482645" score = 75 quality = 90 
@@ -16045,8 +16360,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ae6D3C0269Ef6497E14379C51A8507Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6712-L6730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6712-L6730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "23570962c80bddce28a3dee9d4d864cf3cf64018eec6fbcbdd3ca2658c9f660f" score = 75 quality = 90 @@ -16069,8 +16384,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fd8C468Cc1B45C9Cfb41Cbd8C835Cc9E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6732-L6750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6732-L6750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "230d33f0d1d31d4cb76bf3b13f109d3cc9ace846daef145e1dc7666b33c8a42a" score = 75 quality = 90 
@@ -16093,8 +16408,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C061Baa3118327255161F6A7Fa4E21D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6752-L6770" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6752-L6770" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4193fce69af03b3521a3cc442b762c52f8585b44fa6b0bd78b9ace171b807ed4" score = 75 quality = 90 @@ -16117,8 +16432,8 @@ rule REVERSINGLABS_Cert_Blocklist_04332C16724Ffeda5868D22Af56Aea43 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6772-L6788" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6772-L6788" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6b62d5c7a3c6e3096797cd2f515d86045fa77682638bda44175d05c5b6c5bbc0" score = 75 quality = 90 
@@ -16141,8 +16456,8 @@ rule REVERSINGLABS_Cert_Blocklist_030012F134E64347669F3256C7D050C5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6790-L6806" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6790-L6806" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1a55856bfa4c632b2b0404686dc7ba5e7238b619dd4d2eb68c3d291bc86e52c4" score = 75 quality = 90 @@ -16165,8 +16480,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fa3Dcac19B884B44Ef4F81541184D6B0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6808-L6826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6808-L6826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "324de84cb8c2f5402c9326749e3456e11312828df2523954fd84f7fb3298fdf3" score = 75 quality = 90 
@@ -16189,8 +16504,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E6F4Cb8B06E01C3Bd296Ace3A95F814 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6828-L6844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6828-L6844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f3184a9d1fe2a1cf2dcc04d26c284aa9a651d2f00aa28642d7f951550a050138" score = 75 quality = 90 @@ -16213,8 +16528,8 @@ rule REVERSINGLABS_Cert_Blocklist_085B70224253486624Fc36Fa658A1E32 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6846-L6862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6846-L6862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "50ff48a421a109f8c6bf92032691d9b673945bc591005004ff17dc18c97d4aea" score = 75 quality = 90 
@@ -16237,8 +16552,8 @@ rule REVERSINGLABS_Cert_Blocklist_51Cd5393514F7Ace2B407C3Dbfb09D8D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6864-L6880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6864-L6880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4cd08b9113a7c1f4f2d438ac59ad0be503daded3a08b8c8e8ce3e0dfdddf259e" score = 75 quality = 90 @@ -16261,8 +16576,8 @@ rule REVERSINGLABS_Cert_Blocklist_B72179C027B9037Ee220E81Ab18Fe56D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6882-L6900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6882-L6900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1416768011ff824307d112bdeecce1ad50d1f673e92bef8fddbbeb58ff98b1b1" score = 75 quality = 90 
@@ -16285,8 +16600,8 @@ rule REVERSINGLABS_Cert_Blocklist_07B74C70C4Aa092648B7F0D1A8A3A28F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6902-L6918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6902-L6918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "97759fa2e519936115f0493e251f9abc0cce3ada437776a5a370388512235491" score = 75 quality = 90 @@ -16309,8 +16624,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C8Def294478B7D59Ee95C61Fae3D965 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6920-L6936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6920-L6936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3b7b10afa5f0212bd494ba8fe32bef18f2bbd77c8ab2ad498b9557a0575cc177" score = 75 quality = 90 
@@ -16333,8 +16648,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D36Cbb64Bc9Add17Ba71737D3Ecceca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6938-L6954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6938-L6954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5874860582ed5be6908dca38e6ecae831eeeb0c2b768e8065ada9fd5ac2bda89" score = 75 quality = 90 @@ -16357,8 +16672,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ad255D4Ebefa751F3782587396C08629 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6956-L6974" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6956-L6974" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "43f44cbedf37094416628c9df23767be3b036519f93222812597777a146ecb24" score = 75 quality = 90 
@@ -16381,8 +16696,8 @@ rule REVERSINGLABS_Cert_Blocklist_262Ca7Ae19D688138E75932832B18F9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6976-L6992" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6976-L6992" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a5bb946c6199cd47a087ac26f0a996261318d1830191ea7c0e7797ff03984558" score = 75 quality = 90 @@ -16405,8 +16720,8 @@ rule REVERSINGLABS_Cert_Blocklist_59A57E8Ba3Dcf2B6F59981Fda14B03 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L6994-L7010" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L6994-L7010" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6e77c7d0bd7e5e9bc8880cc6ffc3f5f4f738e3dde22c270ad7a6f6672a99de53" score = 75 quality = 90 
@@ -16429,8 +16744,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aebe117A13B8Bca21685Df48C74F584D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7012-L7030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7012-L7030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e7fbc1f32adec39c94dc046933e152cd6d3946da4a168306484b7b6bc7f26fb6" score = 75 quality = 90 @@ -16453,8 +16768,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Dcd19A94535F034Ee36Af4676740633 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7032-L7048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7032-L7048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7079d4f1973ad4de21e1f88282c94b11c4d63f8bad12b35ef76a481e154d9da3" score = 75 quality = 90 
@@ -16477,8 +16792,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca4822E6905Aa4Fca9E28523F04F14A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7050-L7068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7050-L7068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9633f3494e9ece3a698d47c5ba2b7ee7f82cee4be36ac418c969c36285c4963c" score = 75 quality = 90 @@ -16501,8 +16816,8 @@ rule REVERSINGLABS_Cert_Blocklist_24C1Ef800F275Ab2780280C595De3464 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7070-L7086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7070-L7086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7536ec92f388234bea3b33bee4af52e0e0ce9cd86b1c8321a503f70bfe5faa76" score = 75 quality = 90 
@@ -16525,8 +16840,8 @@ rule REVERSINGLABS_Cert_Blocklist_6401831B46588B9D872B02076C3A7B00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7088-L7104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7088-L7104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cb84b27391fa0260061bc5444039967e83f2134f7b56f9cccf6a421d4a65a577" score = 75 quality = 90 @@ -16549,8 +16864,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A01A91Cce63Ede5Eaa3Dac4883Aea05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7106-L7122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7106-L7122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58a26b44e485814fa645bfa490f3442745884026bb7a70327d4f51645ad3f69c" score = 75 quality = 90 
@@ -16573,8 +16888,8 @@ rule REVERSINGLABS_Cert_Blocklist_54Cd7Ae1C27F1421136Ed25088F4979A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7124-L7140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7124-L7140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c7cd84a225216ff1464a147c2572de2b0a2f69f7a315cdebef5ad2bab843b72a" score = 75 quality = 90 @@ -16597,8 +16912,8 @@ rule REVERSINGLABS_Cert_Blocklist_F2D693Aad63E6920782A0027Dfc97D91 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7142-L7160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7142-L7160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8f29e65b39608518d16f708faef68db37b6e179c567819dccb6681adcec262e3" score = 75 quality = 90 
@@ -16621,8 +16936,8 @@ rule REVERSINGLABS_Cert_Blocklist_F8E8F6C92Ba666B0688A8Cacce9Acccf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7162-L7180" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7162-L7180" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa419bc044be55d4c94481998be4e9c0310416740084eb8376842cf5416d78bf" score = 75 quality = 90 @@ -16645,8 +16960,8 @@ rule REVERSINGLABS_Cert_Blocklist_E3D5089D4B8F01Aadce2731062Fb0Cce : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7182-L7200" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7182-L7200" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7f10b86f156ccac695f480661dfea8bcc455477afd9575230c2f8510327d1996" score = 75 quality = 90 
@@ -16669,8 +16984,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ed801843Fa001B8Add52D3A97B25931 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7202-L7218" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7202-L7218" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7c9424520afe16bd4769e1be84163ac37b8fb37433931f2e362d90cacc01093" score = 75 quality = 90 @@ -16693,8 +17008,8 @@ rule REVERSINGLABS_Cert_Blocklist_D9E834182Dec62C654E775E809Ac1D1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7220-L7238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7220-L7238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3d8075e34fa3dc221bc2abc2630a93f32efbdde6df270a77b1d6b64d8ce56133" score = 75 quality = 90 
@@ -16717,8 +17032,8 @@ rule REVERSINGLABS_Cert_Blocklist_801689896Ed339237464A41A2900A969 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7240-L7258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7240-L7258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a371092cbf5a1a0c8051ba2b4c9dd758d829a2f0c21c86d1920164a0ae7751e6" score = 75 quality = 90 @@ -16741,8 +17056,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Fd3661533Eef209153C9Afec3Ba4D8A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7260-L7276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7260-L7276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ce6c07b8ae54db03e4fa2739856a8d3dc2051c051a10c3c73501dad4296dde97" score = 75 quality = 90 
@@ -16765,8 +17080,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ced87Bd70B092Cb93B182Fac32655F6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7278-L7294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7278-L7294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4e2c967b9502d9009c61831f019ba19367b866e898ca1246a1099d75ad0eb4d5" score = 75 quality = 90 @@ -16789,8 +17104,8 @@ rule REVERSINGLABS_Cert_Blocklist_047801D5B55C800B48411Fd8C320Ca5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7296-L7312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7296-L7312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ef26b4e3c658f53f3048d10bd1b7a2a198cd402e1b7c60e84adadb4f236ccb5d" score = 75 quality = 90 
@@ -16813,8 +17128,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F0Ed5318848703405D40F7C62D0F39A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7314-L7330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7314-L7330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "484932ddfe614fd5ab22361ab281cda62803c98279f938aa5237237fae6a95d6" score = 75 quality = 90 @@ -16837,8 +17152,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E7545C9Fc5938F5198Ab9F1749Ca31C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7332-L7348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7332-L7348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f6be57eb6744ad6d239a0a2cc1ec8c39c9dfd4e4eeb3be9e699516c259f617f0" score = 75 quality = 90 
@@ -16861,8 +17176,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ddd3796A427B42F2E52D7C7Af0Ca54F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7350-L7366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7350-L7366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "804ab8c44e5d97d8e14f852d61094e90d1e3ace66316781e9e79ab46fc7db8e7" score = 75 quality = 90 @@ -16885,8 +17200,8 @@ rule REVERSINGLABS_Cert_Blocklist_03B27D7F4Ee21A462A064A17Eef70D6C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7368-L7384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7368-L7384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b303751e354c346f73368de94b66a960dd12efa0730d2ab14af743810669ac81" score = 75 quality = 90 
@@ -16909,8 +17224,8 @@ rule REVERSINGLABS_Cert_Blocklist_B0A308Fc2E71Ac4Ac40677B9C27Ccbad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7386-L7404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7386-L7404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "21fd7625399c939b6d03100b731709616d206a3811197af2b86991be9d89b4eb" score = 75 quality = 90 @@ -16933,8 +17248,8 @@ rule REVERSINGLABS_Cert_Blocklist_61B11Ef9726Ab2E78132E01Bd791B336 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7406-L7422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7406-L7422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1a8e72f31039a5a5602d0314f017a2596a23e4a796dc66167dfefc0c9790e3e3" score = 75 quality = 90 
@@ -16957,8 +17272,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Fe807310D98357A59382090634B93F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7424-L7442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7424-L7442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ec56bd4783c854efef863050ff729fd99efa98b7b19e04e56a080ee3e75cd90" score = 75 quality = 90 @@ -16981,8 +17296,8 @@ rule REVERSINGLABS_Cert_Blocklist_B97F66Bb221772Dc07Ef1D4Bed8F6085 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7444-L7462" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7444-L7462" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "794dc27ff9b2588d3f2c31cdb83e53616c604aa41da7d8c895034e1cf9da5dd8" score = 75 quality = 90 
@@ -17005,8 +17320,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fed006Fbf85Cd1C6Ba6B4345B198E1E6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7464-L7482" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7464-L7482" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0360c6760f1018f9388ef5639ab2306879134f33da12677f954fa31b8a71aa16" score = 75 quality = 90 @@ -17029,8 +17344,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa28C9Bd16D9D304F18Af223B27Bfa1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7484-L7502" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7484-L7502" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "feaa8d645eea46c7cbbba4ba86c92184df7515a50f1f905ab818c59079a0c96a" score = 75 quality = 90 
@@ -17053,8 +17368,8 @@ rule REVERSINGLABS_Cert_Blocklist_19Beff8A6C129663E5E8C18953Dc1F67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7504-L7520" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7504-L7520" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ec031c781ebad7447cfc53ce791aacc8f24e38f039c84e2ee547de64729ae76" score = 75 quality = 90 @@ -17077,8 +17392,8 @@ rule REVERSINGLABS_Cert_Blocklist_029685Cda1C8233D2409A31206F78F9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7522-L7538" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7522-L7538" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d541ce73e5039541ea221f27cc4d033f0c477e41a148206c26cc39ae07c4caaa" score = 75 quality = 90 
@@ -17101,8 +17416,8 @@ rule REVERSINGLABS_Cert_Blocklist_D609B6C95428954A999A8A99D4F198Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7540-L7558" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7540-L7558" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a124f80d599051ecd7c17e6818d181ea018db14c9f0514bbcc5b677ba3656d65" score = 75 quality = 90 @@ -17125,8 +17440,8 @@ rule REVERSINGLABS_Cert_Blocklist_D3356318924C8C42959Bf1D1574E6482 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7560-L7578" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7560-L7578" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a672054a776d0715fc888578bcb559d24ef54b4c523f7d49a39ded2586c3140a" score = 75 quality = 90 
@@ -17149,8 +17464,8 @@ rule REVERSINGLABS_Cert_Blocklist_31D852F5Fca1A5966B5Ed08A14825C54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7580-L7596" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7580-L7596" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8c98b856d53e6862e94042bb133f5739bddcec2e208e43961b23e244584c6ee4" score = 75 quality = 90 @@ -17173,8 +17488,8 @@ rule REVERSINGLABS_Cert_Blocklist_17D99Cc2F5B29522D422332E681F3E18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7598-L7614" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7598-L7614" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "55cc1634cdc5209d68b98fdb0d9e97e0a34346cdcb10f243d13217cda01195f1" score = 75 quality = 90 
@@ -17197,8 +17512,8 @@ rule REVERSINGLABS_Cert_Blocklist_6A568F85De2061F67Ded98707D4988Df : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7616-L7632" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7616-L7632" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "793be308a4df55c3b325e1ee3185159c4155f6dfabc311216d3763bd43680bd4" score = 75 quality = 90 @@ -17221,8 +17536,8 @@ rule REVERSINGLABS_Cert_Blocklist_038Fc745523B41B40D653B83Aa381B80 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7634-L7650" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7634-L7650" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "016ca6dcb5c7c56c80e4486b84d97fb3869a959ef3e8392e4376a0a0de06092f" score = 75 quality = 90 
@@ -17245,8 +17560,8 @@ rule REVERSINGLABS_Cert_Blocklist_30Af0D0E6D8201A5369664C5Ebbb010F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7652-L7668" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7652-L7668" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "018e5a0fbeeaded2569b83e2f91230e0055a5ffa2059b7a064a5c2eda55ed2de" score = 75 quality = 90 @@ -17269,8 +17584,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac0A7B9420B369Af3Ddb748385B981 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7670-L7688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7670-L7688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2bc31eaa64be487cb85873a64b7462d90d1c28839def070ce5db7ae555383421" score = 75 quality = 90 
@@ -17293,8 +17608,8 @@ rule REVERSINGLABS_Cert_Blocklist_C167F04B338B1E8747B92C2197403C43 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7690-L7708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7690-L7708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8e0a11efc739baefe23a3d77e4eefc9dc23c74821c91fc219822dbc5dbb468b1" score = 75 quality = 90 @@ -17317,8 +17632,8 @@ rule REVERSINGLABS_Cert_Blocklist_9272607Cfc982B782A5D36C4B78F5E7B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7710-L7728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7710-L7728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b1d6f27fb513542589a5c9011e501a9d298282bba6882eac0fc7bf3e6ebb291" score = 75 quality = 90 
@@ -17341,8 +17656,8 @@ rule REVERSINGLABS_Cert_Blocklist_45Eb9187A2505D8E6C842E6D366Ad0C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7730-L7746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7730-L7746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4ae755e814ae2488d4bd6b8136ab6d78e4809a2ddacb7f88cf1d2b64c1488898" score = 75 quality = 90 @@ -17365,8 +17680,8 @@ rule REVERSINGLABS_Cert_Blocklist_56Fff139Df5Ae7E788E5D72196Dd563A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7748-L7764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7748-L7764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4b58c83901605d8b43519f1bc2d4ac8dc10c794f027681378b2bee2a8ff81604" score = 75 quality = 90 
@@ -17389,8 +17704,8 @@ rule REVERSINGLABS_Cert_Blocklist_E161F76Da3B5E4623892C8E6Fda1Ea3D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7766-L7784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7766-L7784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "883545593b48aa11c11f7fa1a1f77c62321ea86067f1ed108dcd00c8c6cd3495" score = 75 quality = 90 @@ -17413,8 +17728,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Ae5B177Ac3A7Ce2Aadf1C891B574924 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7786-L7804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7786-L7804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "03ac299459a1aaf2e4a2e62884cd321e16100fee78b4b0e271acdd8a4e32525c" score = 75 quality = 90 
@@ -17437,8 +17752,8 @@ rule REVERSINGLABS_Cert_Blocklist_A03Ea3A4Fa772B17037A0B80F1F968Aa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7806-L7824" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7806-L7824" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e2044c6ddb80f3add13dfc3b623d0460ce8e9a66c5a98582f80d906edbbbd829" score = 75 quality = 90 @@ -17461,8 +17776,8 @@ rule REVERSINGLABS_Cert_Blocklist_333Ca7D100B139B0D9C1A97Cb458E226 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7826-L7842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7826-L7842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b3a31a54132fd8ca2c11b7806503207a4197f16af78693387bac56879b5e1448" score = 75 quality = 90 
@@ -17485,8 +17800,8 @@ rule REVERSINGLABS_Cert_Blocklist_9245D1511923F541844Faa3C6Bfebcbe : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7844-L7862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7844-L7862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b965e897b42c39841e663cc144cf6e4a81fc9bcb64ce3a15a7ca021e95866b08" score = 75 quality = 90 @@ -17509,8 +17824,8 @@ rule REVERSINGLABS_Cert_Blocklist_2888Cf0F953A4A3640Ee4Cfc6304D9D4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7864-L7880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7864-L7880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a9ee8534d89b8ac8705bb1777718513a28e4531ed398f482f46a72f2760af161" score = 75 quality = 90 
@@ -17533,8 +17848,8 @@ rule REVERSINGLABS_Cert_Blocklist_C8Edcfe8Be174C2F204D858C5B91Dea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7882-L7900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7882-L7900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b3e6927abfce69548374bfd430a3ae3a1c5a8d05f0f40e43091b4d12025c5b1a" score = 75 quality = 90 @@ -17557,8 +17872,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Faf8705A3Eaef9340800Cc4Fd38597C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7902-L7920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7902-L7920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "66a340f169e401705ba229d2d4548cef1a57bf1d2d320b108d12b2049b063b92" score = 75 quality = 90 
@@ -17581,8 +17896,8 @@ rule REVERSINGLABS_Cert_Blocklist_0940Fa9A4080F35052B2077333769C2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7922-L7938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7922-L7938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "45636ea33751fea61572539fe6f28bccd05df9b6b9e7f2d77bb738f7c69c53a2" score = 75 quality = 90 @@ -17605,8 +17920,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ea720222D92Dc8D48E3B3C3B0Fc360A6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7940-L7958" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7940-L7958" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c60e1ccf178f03f930a3bc41e9a92be20df0362f067ed1fcfc7c93627a056d75" score = 75 quality = 90 
@@ -17629,8 +17944,8 @@ rule REVERSINGLABS_Cert_Blocklist_4743E140C05B33F0449023946Bd05Acb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7960-L7976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7960-L7976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "69ce1512d7df4926ee2b470b18fbe51a2aa81e07b37b2536617d6353045e0d19" score = 75 quality = 90 @@ -17653,8 +17968,8 @@ rule REVERSINGLABS_Cert_Blocklist_A496Bc774575C31Abec861B68C36Dcb6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7978-L7996" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7978-L7996" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f82214f982c9972e547f77966c44e935e9de701cc9108ceca34a4fede850d243" score = 75 quality = 90 
@@ -17677,8 +17992,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A55C15F733Bf1633E9Ffae8A6E3B37D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L7998-L8014" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L7998-L8014" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "89ca9f1c5cf0b029748528d8c5bb65f89ee05877bfdc13b4ce3d2d3e7feafb5d" score = 75 quality = 90 @@ -17701,8 +18016,8 @@ rule REVERSINGLABS_Cert_Blocklist_C650Ae531100A91389A7F030228B3095 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8016-L8034" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8016-L8034" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "186b66283491cfebcaade57b1010ce4304c08ddb131153984210c2c7025961aa" score = 75 quality = 90 
@@ -17725,8 +18040,8 @@ rule REVERSINGLABS_Cert_Blocklist_3990362C34015Ce4C23Ecc3377Fd3C06 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8036-L8052" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8036-L8052" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0625800fcb166b56cab2e16d0d757983a6f880b68627ed8c3c38419dd9a32999" score = 75 quality = 90 @@ -17749,8 +18064,8 @@ rule REVERSINGLABS_Cert_Blocklist_121Fca3Cfa4Bd011669F5Cc4E053Aa3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8054-L8070" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8054-L8070" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1edd5be3f970202be15080cd7ef19c0cce7fcba73cb6120d7cb7d518e877cf85" score = 75 quality = 90 
@@ -17773,8 +18088,8 @@ rule REVERSINGLABS_Cert_Blocklist_D338F8A490E37E6C2Be80A0E349929Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8072-L8090" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8072-L8090" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "39d9695803e96508b5ad12a7d9f8b65d13288dbe94b21a4952e096dd576e11ce" score = 75 quality = 90 @@ -17797,8 +18112,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C1Ee9B583310B5E34A1Ee6945A34B26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8092-L8108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8092-L8108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7752e49e8848863d78c5de03c3d194498765d80da00a84c5164c7a9010d13474" score = 75 quality = 90 
@@ -17821,8 +18136,8 @@ rule REVERSINGLABS_Cert_Blocklist_D875B3E3F2Db6C3Eb426E24946066111 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8110-L8128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8110-L8128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9e181271d46c828b9ec266331e077b3b4891a193c71173447da383fad91ae878" score = 75 quality = 90 @@ -17845,8 +18160,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ad0A958Cdf188Bed43154A54Bf23Afba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8130-L8148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8130-L8148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "07e53e59f90aa3cd3a98dbca2627672606f6c6f8f3bda8456e32122463729c4b" score = 75 quality = 90 
@@ -17869,8 +18184,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Cee26C125B8C188F316C3Fa78D9C2F1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8150-L8166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8150-L8166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5c64f8e40c31822ce8d2e34f96ccc977085e429f0c068a5f6b44099117837de1" score = 75 quality = 90 @@ -17893,8 +18208,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C687A0022C36F89E253F91D1F6954E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8168-L8184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8168-L8184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "287c0c7a25e33e0e7def6efa23dbd2efba7c4ac3aa8f5deb8568a60a95e08bbe" score = 75 quality = 90 
@@ -17917,8 +18232,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca646B4275406Df639Cf603756F63D77 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8186-L8204" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8186-L8204" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a690e3f6a656835984e47d999271fe441a5fbf424208da8d5b3c9ddcef47b70e" score = 75 quality = 90 @@ -17941,8 +18256,8 @@ rule REVERSINGLABS_Cert_Blocklist_Addbec454B5479Cabd940A72Df4500Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8206-L8224" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8206-L8224" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "799629791646c524d170b900339b87474aed73b7156a8c4dd20f7c13cbe97929" score = 75 quality = 90 
@@ -17965,8 +18280,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac307E5257Bb814B818D3633B630326F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8226-L8244" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8226-L8244" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "10819bd2194fface6db812f8c6770c306c183386d2d9ba97467a5b55fd997194" score = 75 quality = 90 @@ -17989,8 +18304,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D83E7F47189Cdbfc7Fa3E5F58882329 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8246-L8262" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8246-L8262" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b344f9fd6d8378b7d77a34b14c5f37eea253f3d13a8eb0777925f195fb3cf502" score = 75 quality = 90 
@@ -18013,8 +18328,8 @@ rule REVERSINGLABS_Cert_Blocklist_58Aa64564A50E8B2D6E31D5Cd6250Fde : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8264-L8280" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8264-L8280" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f6b50ebf707b67650fe832d81c6fe8d2411cd83432ef94432d181db0c29aa48b" score = 75 quality = 90 @@ -18037,8 +18352,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Aa0Ae245B487C8926C88Ee6D736D1Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8282-L8298" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8282-L8298" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5a362175600552983ae838ca18aa378dc748b8b68bd8b67a9387794d983ed1a2" score = 75 quality = 90 
@@ -18061,8 +18376,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Aec3D3F752A38617C1D7A677D0B5591 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8300-L8316" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8300-L8316" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b299833a19944ca6943ba9c974ec95369c57cd61acc8b2e1b5310edd077762c2" score = 75 quality = 90 @@ -18085,8 +18400,8 @@ rule REVERSINGLABS_Cert_Blocklist_A7E1Dc5352C3852C5523030F57F2425C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8318-L8336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8318-L8336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "79c42c9a4eeeb69a62a16590e2b0b63818785509a40d543c7efe27ec6baaa19e" score = 75 quality = 90 
@@ -18109,8 +18424,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bbd4Dc3768A51Aa2B3059C1Bad569276 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8338-L8356" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8338-L8356" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f336570834e0663c6e589fa22b3541f4f79c40ff945dd91f1fd1258a96adeceb" score = 75 quality = 90 @@ -18133,8 +18448,8 @@ rule REVERSINGLABS_Cert_Blocklist_08622B9Dd9D78E67678Ecc21E026522E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8358-L8374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8358-L8374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "09507b09b035195b74434f56041588f67245fa097183228dffc612bb4901825b" score = 75 quality = 90 
@@ -18157,8 +18472,8 @@ rule REVERSINGLABS_Cert_Blocklist_E69A6De0074Ece38C2F30F0D4A808456 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8376-L8394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8376-L8394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "21d8641d2394120847044f0e6f4d868095a1e30c0b594a3d045877ab9b3808a1" score = 75 quality = 90 @@ -18181,8 +18496,8 @@ rule REVERSINGLABS_Cert_Blocklist_8385684419Ab26A3F2640B1496E1Fe94 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8396-L8414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8396-L8414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24f75badc335160a8053a4c7e8bbd8ddbd3266c3a18059a937d5989df97ae9d9" score = 75 quality = 90 
@@ -18205,8 +18520,8 @@ rule REVERSINGLABS_Cert_Blocklist_21E3Cae5B77C41528658Ada08509C392 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8416-L8432" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8416-L8432" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2e24ed0bd0bf3c36cae4bf106a2c17386bfb58b76372068be9745c2d501f30fc" score = 75 quality = 90 @@ -18229,8 +18544,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Abd2Eef14D480Dfea9Ca9Fdd823Cf03 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8434-L8450" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8434-L8450" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2dfc220c44d3dda28a253e5115ae9a087b6ddbf1a7ca1e9bcae5bd9ac5b2e1a0" score = 75 quality = 90 
@@ -18253,8 +18568,8 @@ rule REVERSINGLABS_Cert_Blocklist_86909B91F07F9316984D888D1E28Ab76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8452-L8470" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8452-L8470" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "abd84492ed008125688a53e20d51780fa0b8c2309dcf751ff76a03d6f337beaa" score = 75 quality = 90 @@ -18277,8 +18592,8 @@ rule REVERSINGLABS_Cert_Blocklist_D1B8F1Fe56381Befdb2E73Ffef2A4B28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8472-L8490" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8472-L8490" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c118cb46914e7a6df8dd33dd14d5f9cf2692d98311503ec850cc66f02c20839e" score = 75 quality = 90 
@@ -18301,8 +18616,8 @@ rule REVERSINGLABS_Cert_Blocklist_D4Ef1Ab6Ab5D3Cb35E4Efb7984Def7A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8492-L8510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8492-L8510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ecc2f6bfda1a0afd016f0a5183c0d1cdfe5d5e06c893a7d9a3d7cb7f9bc4bf16" score = 75 quality = 90 @@ -18325,8 +18640,8 @@ rule REVERSINGLABS_Cert_Blocklist_066276Af2F2C7E246D3B1Cab1B4Aa42E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8512-L8528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8512-L8528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "30d4fa2cbc75d3a6258cdf0374159f25ea152c39784f8b7e9c461978df865dc0" score = 75 quality = 90 
@@ -18349,8 +18664,8 @@ rule REVERSINGLABS_Cert_Blocklist_65Cd323C2483668B90A44A711D2A6B98 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8530-L8546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8530-L8546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "653aff6f3913f1bf51e90e7a835dbb5441457175797cefdddd234a6c2c0f11ad" score = 75 quality = 90 @@ -18373,8 +18688,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A17D5De74Fd8F09Df596Df3123139Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8548-L8564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8548-L8564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7ed62740fe191d961ad32b2a79463cc9cbce557ea757e413860f7b4974904c03" score = 75 quality = 90 
@@ -18397,8 +18712,8 @@ rule REVERSINGLABS_Cert_Blocklist_15Da61D7E1A631803431561674Fb9B90 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8566-L8582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8566-L8582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "75d2c3b47fe9c863812f2c98fc565af9050b909a03528e2ea4a96542a3ec0c0d" score = 75 quality = 90 @@ -18421,8 +18736,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ab21306B11Ff280A93Fc445876988Ab : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8584-L8600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8584-L8600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0cda954aa807336a6737716d0fa43d696376c240ab7be9d8477baf8800604bf1" score = 75 quality = 90 
@@ -18445,8 +18760,8 @@ rule REVERSINGLABS_Cert_Blocklist_634E16E38F12E9A71Aca08E4C6B2Dbb9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8602-L8618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8602-L8618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "08950f276e5cf3fe4b5f7421ba671dfd72585aac3bbed7868fdb0e5aa90ec10e" score = 75 quality = 90 @@ -18469,8 +18784,8 @@ rule REVERSINGLABS_Cert_Blocklist_289051A83F350A2C600187C99B6C0A73 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8620-L8636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8620-L8636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cd5d6f95f0cfdbf8d37ea78d061ce00512b6cb7c899152b1640673494d539dd1" score = 75 quality = 90 
@@ -18493,8 +18808,8 @@ rule REVERSINGLABS_Cert_Blocklist_818631110B5D14331Dac7E6Ad998B902 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8638-L8656" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8638-L8656" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5e0de3848adf933632c2eb8cf5ead61d6470237386ba8b48d57a278d99dba324" score = 75 quality = 90 @@ -18517,8 +18832,8 @@ rule REVERSINGLABS_Cert_Blocklist_277Cd16De5D61B9398B645Afe41C09C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8658-L8674" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8658-L8674" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "696467d699dec060b205f36f53dbe157b241823757d72798b35235d6530fd193" score = 75 quality = 90 
@@ -18541,8 +18856,8 @@ rule REVERSINGLABS_Cert_Blocklist_D0Eda76C13D30C97015708790Bb94214 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8676-L8694" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8676-L8694" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2112ebfb7c9ebbbccb20cefcd23bb49142da770feb16ee8eef5eb27646226785" score = 75 quality = 90 @@ -18565,8 +18880,8 @@ rule REVERSINGLABS_Cert_Blocklist_6333Ed618F88A05B4D82Ad7Bf66Cb0Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8696-L8712" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8696-L8712" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b088ac4b74a8cf3dddb67c8de2b7c3c5f537287a0454c0030c0eb4069c465c7d" score = 75 quality = 90 
@@ -18589,8 +18904,8 @@ rule REVERSINGLABS_Cert_Blocklist_3B777165B125Bccc181D0Bac3F5B55B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8714-L8730" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8714-L8730" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "80aff3d6f45f5847d5d39b170b9d0e70168d02569ca6d86a2c39150399d290fc" score = 75 quality = 90 @@ -18613,8 +18928,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B37Ac3479283B6F9D75Ddf0F8742D06 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8732-L8748" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8732-L8748" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7abd389ac31cd970e6611c7c303714fdd658f45d4857ad524f5e8368edbb875" score = 75 quality = 90 
@@ -18637,8 +18952,8 @@ rule REVERSINGLABS_Cert_Blocklist_3112C69D460C781Fd649C71E61Bfec82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8750-L8766" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8750-L8766" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ed31b0a24d18a451163867f0f49df12af3ca0768f250ac8ce66d41405393130d" score = 75 quality = 90 @@ -18661,8 +18976,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A5B4F67Ad8B22Afc2Debe6Ce5F8F679 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8768-L8784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8768-L8784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "938efb7ee19970484aded5cd46b2ff730f8882706bec3f062bdebde3cc9a4799" score = 75 quality = 90 
@@ -18685,8 +19000,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df45B36C9D0Bd248C3F9494E7Ca822 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8786-L8804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8786-L8804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9c03522376b0d807cd36a0641e474d770bc3b4f8221f26d232878d2d320d072b" score = 75 quality = 90 @@ -18709,8 +19024,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ae3C4Eccecda2127D43Be390A850Dda : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8806-L8822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8806-L8822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8a2ff4f7a5ac996127778b1670e79291bddcb5dee6e7da2b540fd254537ee27e" score = 75 quality = 90 
@@ -18733,8 +19048,8 @@ rule REVERSINGLABS_Cert_Blocklist_2E36360538624C9B1Afd78A2Fb756028 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8824-L8840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8824-L8840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9cbb50c7d383048fd506506fa9ee8bf7c6d82feaf21bcde4008ab99b82e234a7" score = 75 quality = 90 @@ -18757,8 +19072,8 @@ rule REVERSINGLABS_Cert_Blocklist_Addb899F8229Fd53E6435E08Bbd3A733 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8842-L8860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8842-L8860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ecb8e31b8c56b92cef601618e0adc2f6d88999318805b92389693aa9e8050d18" score = 75 quality = 90 
@@ -18781,8 +19096,8 @@ rule REVERSINGLABS_Cert_Blocklist_C1A1Db95D7Bf80290Aa6E82D8F8F996A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8862-L8880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8862-L8880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "84c7c0e53facadcdfd752e9cf3811fbfd6aac4bef4109acf430a67b6dcd37bfc" score = 75 quality = 90 @@ -18805,8 +19120,8 @@ rule REVERSINGLABS_Cert_Blocklist_C667Ffe3A5B0A5Ae7Cf3A9E41682E91B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8882-L8900" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8882-L8900" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "be2cd688f2d7c458ee764bd7a7250e0116328702db5585b444d631f05cdc701b" score = 75 quality = 90 
@@ -18829,8 +19144,8 @@ rule REVERSINGLABS_Cert_Blocklist_E0A83917660D05Cf476374659D3C7B85 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8902-L8920" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8902-L8920" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f60753ecb775d664e07e78611568799eaf06fb4742bcef3bf0c28202daf98c50" score = 75 quality = 90 @@ -18853,8 +19168,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afc5522898143Aafaab7Fd52304Cf00C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8922-L8940" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8922-L8940" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bfcf2fbbd9be97202eeb44c0f81f0a0713d4d30c466f2b170231c7f9df0e9e6d" score = 75 quality = 90 
@@ -18877,8 +19192,8 @@ rule REVERSINGLABS_Cert_Blocklist_8B3333D32B2C2A1D33B41Ba5Db9D4D2D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8942-L8960" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8942-L8960" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cdb3f1983ed17df22d17c6321bc2ead2c391d70fdca4a9f6f4784f62196b85d0" score = 75 quality = 90 @@ -18901,8 +19216,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fbb1198Bd8Bddb0D693Eb72A8613Fe3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8962-L8980" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8962-L8980" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2e004116d0f8df5a625b190127655926336fc74b4cce4ae40cd516a135e5d719" score = 75 quality = 90 
@@ -18925,8 +19240,8 @@ rule REVERSINGLABS_Cert_Blocklist_846F77D9919Fc4405Aefe1701309Bd67 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L8982-L9000" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L8982-L9000" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6739049a61183d506daf9aaf44a3b15cbf2234c6af307ec95bc07fa3d8501105" score = 75 quality = 90 @@ -18949,8 +19264,8 @@ rule REVERSINGLABS_Cert_Blocklist_0939C2Bad859C0432E8E98A6C0162C02 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9002-L9018" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9002-L9018" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c48241e52e58600bfa0385742831dba59d9cbd959cd6853fe8e030f5df79c23" score = 75 quality = 90 
@@ -18973,8 +19288,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Fba0E19919Ac50D700Ba60250D02C8B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9020-L9036" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9020-L9036" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8c803111df930056bdc3ef7560f07bf4d255b93286d01ecc55f790e72565ba5d" score = 75 quality = 90 @@ -18997,8 +19312,8 @@ rule REVERSINGLABS_Cert_Blocklist_A758504E7971869D0Aec2775Fffa03D5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9038-L9056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9038-L9056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dcb1ac4c7dcbebd0a432515da82e4a97be6c6c2a54f9d642aa8c1a2bcbdce5de" score = 75 quality = 90 
@@ -19021,8 +19336,8 @@ rule REVERSINGLABS_Cert_Blocklist_37A67Cf754Ee5Ae284B4Cf8B9D651604 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9058-L9074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9058-L9074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "22cb71eebbb212a4436847c11c7ca9cefaf118086b024014c12498a6a5953af5" score = 75 quality = 90 @@ -19045,8 +19360,8 @@ rule REVERSINGLABS_Cert_Blocklist_119Acead668Bad57A48B4F42F294F8F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9076-L9092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9076-L9092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "61c49c60fc4fd5d654a6376fcee43e986a5351f085a5652a3c8888774557e053" score = 75 quality = 90 
@@ -19069,8 +19384,8 @@ rule REVERSINGLABS_Cert_Blocklist_7A6D30A6Eb2Fa0C3369283725704Ac4C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9094-L9110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9094-L9110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "788abb53ed7974d87c1b1bdbe31dcd3e852ea64745d94780d78d1217ee0206fe" score = 75 quality = 90 @@ -19093,8 +19408,8 @@ rule REVERSINGLABS_Cert_Blocklist_670C3494206B9F0C18714Fdcffaaa42F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9112-L9128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9112-L9128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3b1e244b5f543a05beb2475020aa20dfc723f4dce3a5a0a963db1672d3295721" score = 75 quality = 90 
@@ -19117,8 +19432,8 @@ rule REVERSINGLABS_Cert_Blocklist_0E8Aa328Af207Ce8Bcae1Dc15C626188 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9130-L9146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9130-L9146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4022abb8efbda944e35ff529c5b3b3c9f6370127a945f3eec1310149bb5d06e4" score = 75 quality = 90 @@ -19141,8 +19456,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfad6Be1D823B4Eacb803B720F525A7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9148-L9166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9148-L9166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d8005774e6011d8198039a6588834cd0b13dd728103b63c3ea8b6e0dc3878f05" score = 75 quality = 90 
@@ -19165,8 +19480,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Ebcb54B7E0E6410B28610De0743D4Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9168-L9184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9168-L9184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c9444ff9e13192bf300afac12554bc4cc2defb37bb5b57906b6163db378c515a" score = 75 quality = 90 @@ -19189,8 +19504,8 @@ rule REVERSINGLABS_Cert_Blocklist_01106Cc293772Ca905A2B6Eff02Bf0F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9186-L9202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9186-L9202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "81e19c06de4546a2cee974230ef7aa15291f20f2e6b6f89c9b12107c26836b5e" score = 75 quality = 90 
@@ -19213,8 +19528,8 @@ rule REVERSINGLABS_Cert_Blocklist_05Bb162F6Efe852B7Bd4712Fd737A61E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9204-L9220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9204-L9220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d2fcbce0826c1478338827376d2c7869e5b38dc6d5e737a2f986600c6f71b1e6" score = 75 quality = 90 @@ -19237,8 +19552,8 @@ rule REVERSINGLABS_Cert_Blocklist_6171990Ba1C8E71049Ebb296A35Bd160 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9222-L9238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9222-L9238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e922bb850b7c5c70db80e6a2b99310eac48d3b10b94a7259899facd681916bfa" score = 75 quality = 90 
@@ -19261,8 +19576,8 @@ rule REVERSINGLABS_Cert_Blocklist_2114Ca3Bd2Afd63D7Fa29D744992B043 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9240-L9256" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9240-L9256" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "241fe5a9f233fa36a665d22b38fd360bee21bc9832c15ac9c9d9b17adc3bb306" score = 75 quality = 90 @@ -19285,8 +19600,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Aaa62208A3A78Bfac1443007D031E61 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9258-L9274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9258-L9274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7ba7f69514230fe636efc0a12fb9ac489a5a80ca1f5bcdb050dd30ee8f69659c" score = 75 quality = 90 
@@ -19309,8 +19624,8 @@ rule REVERSINGLABS_Cert_Blocklist_09450B8F73Ea43E39D2Cdd56049Dbe40 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9276-L9292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9276-L9292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "22b344b8befc00b0154d225603c81c6058399770f54cb6a09d0f7908c5c8188c" score = 75 quality = 90 @@ -19333,8 +19648,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Efd9Bd4B4281C6522D96011Df46C9C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9294-L9310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9294-L9310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8f8a5e3457c05c5e70e33041c5b0b971cf8f19313d47055fd760ed17d94c8794" score = 75 quality = 90 
@@ -19357,8 +19672,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Dd7D4A785990584D8C0837659173272 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9312-L9328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9312-L9328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d18a479f07f2bdb890437e2bcb0213abdfb0eb684cdaf17c5eb0583039f2edb4" score = 75 quality = 90 @@ -19381,8 +19696,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C59D46580F039Af2C4Ab6Ba0Ffed197 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9330-L9346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9330-L9346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "32eea2a436f386ef44a00ef72be8be7d4070b02f84ba71c7ee1ca407fddce8ec" score = 75 quality = 90 
@@ -19405,8 +19720,8 @@ rule REVERSINGLABS_Cert_Blocklist_0448Ec8D26597F99912138500Cc41C1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9348-L9364" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9348-L9364" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "001556c31cfb0d94978adc48dc0d24c83666512348c65508975cc9e1a119aeae" score = 75 quality = 90 @@ -19429,8 +19744,8 @@ rule REVERSINGLABS_Cert_Blocklist_0108Cbaee60728F5Bf06E45A56D6F170 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9366-L9382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9366-L9382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "52027548e20c819e73ea5e9afd87faaca4498bc39e54dd30ad99a24e3ace57fd" score = 75 quality = 90 
@@ -19453,8 +19768,8 @@ rule REVERSINGLABS_Cert_Blocklist_038D56A12153E8B5C74C69Bff65Cbe3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9384-L9400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9384-L9400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ed3a81231f93f9d2ae462481503ba37072c3800dd1379baae11737f093a27af1" score = 75 quality = 90 @@ -19477,8 +19792,8 @@ rule REVERSINGLABS_Cert_Blocklist_060D94E2Ccae84536654D9Daf39Fef1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9402-L9418" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9402-L9418" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "49000f3a3ce1ad9aef87162d7527b8f062e0aa12276b82c7335f0ccc14b7d38a" score = 75 quality = 90 
@@ -19501,8 +19816,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bc9B800F480691Bd6B60963466B0C75 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9420-L9436" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9420-L9436" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6a498fd30c611976e9aad2f9b85b13c3c29246582cdfefc800615db88e40dac2" score = 75 quality = 90 @@ -19525,8 +19840,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C4324Ff41F0A7B16Ffcc93Dffa8Fa99 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9438-L9454" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9438-L9454" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d3ce83fb0497c533a5474d46300c341677ec243686723783798bfbaec4f6e369" score = 75 quality = 90 
@@ -19549,8 +19864,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B980Fc8783E4F158E41829Ab21Bab81 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9456-L9472" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9456-L9472" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b0f43caec1cfc5b2d1512d7fcf0bcf1e02fc81764b4376b081f38c4de328eab2" score = 75 quality = 90 @@ -19573,8 +19888,8 @@ rule REVERSINGLABS_Cert_Blocklist_D8F515715Aeffef0A0E4E37F16C254Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9474-L9492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9474-L9492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c7d57a655f76a6e5ef6b0e770db7c91d0830b6b0b37caef5ef9e3e78ad1fd75" score = 75 quality = 90 
@@ -19597,8 +19912,8 @@ rule REVERSINGLABS_Cert_Blocklist_D79739187C585E453C00Afc11D77B523 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9494-L9512" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9494-L9512" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6d6db87227d7be559afa67c4f2b65b01f26741fdf337d920241a633bb036426f" score = 75 quality = 90 @@ -19621,8 +19936,8 @@ rule REVERSINGLABS_Cert_Blocklist_961Cecb0227845317549E9343A980E91 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9514-L9532" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9514-L9532" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c74512e95e2d6aedecb1dbd30fac6fde40d1e9520c89b785519694d9bc9ba854" score = 75 quality = 90 
@@ -19645,8 +19960,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ef6392B2993A6F67578299659467Ea8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9534-L9550" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9534-L9550" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f6b454a575ea7635d5edebffe3c9c83e95312ee33245e733987532348258733e" score = 75 quality = 90 @@ -19669,8 +19984,8 @@ rule REVERSINGLABS_Cert_Blocklist_A918455C0D4Da7Ca474F41F11A7Cf38C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9552-L9570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9552-L9570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ea30d85c057f9363ce29d4c024097c50a8752dd2095481181322fe5d5c92bb4b" score = 75 quality = 90 
@@ -19693,8 +20008,8 @@ rule REVERSINGLABS_Cert_Blocklist_936Bc256D2057Ca9B9Ec3034C3Ed0Ee6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9572-L9590" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9572-L9590" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7e90c29bcfe4632e70b61a0cf2ab48a3de986bd5c6c730f64a363f4f3d79a3f4" score = 75 quality = 90 @@ -19717,8 +20032,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afe8Fee94B41422E01E4897Bcd52D0A4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9592-L9610" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9592-L9610" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "02c55b182bc9843334baed9c0a7cca2c88cd1de00ca9b47b10ec79b7a5acf9bb" score = 75 quality = 90 
@@ -19741,8 +20056,8 @@ rule REVERSINGLABS_Cert_Blocklist_718E89Ddb33257Ea77Ba74Be7F2Baf1D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9612-L9628" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9612-L9628" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2f0defa1e1d905d937677e96f2a0955d9737f6976596932cc093fdecfea3fdb0" score = 75 quality = 90 @@ -19765,8 +20080,8 @@ rule REVERSINGLABS_Cert_Blocklist_4D3E38F4Aebbc32257450726B29Be117 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9630-L9646" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9630-L9646" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f618547942fcd9b3d1104cb5bedeecec8596fa7cc34bca838b6120085b305d73" score = 75 quality = 90 
@@ -19789,8 +20104,8 @@ rule REVERSINGLABS_Cert_Blocklist_8F4C49Dae1F1Ff0Ebe9104C6F73242Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9648-L9666" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9648-L9666" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a8c99cc30b791a76fe3cd48184bf95ee47abb30bd200128efd2f5295ee18f7b1" score = 75 quality = 90 @@ -19813,8 +20128,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ac3C05F1Cb9453De8E7110F589Fb32C0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9668-L9686" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9668-L9686" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6328fd5dbb497c69ddc9151f85754669760b709ecbff3e8f320a40a62ca0dd2c" score = 75 quality = 90 
@@ -19837,8 +20152,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fbb96A90B6718810311767Ca25Ab1E48 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9688-L9706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9688-L9706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "431e3364a42b272d9b71b92dee44cc185ef034a45a0b72bbda82cf7e9b29c355" score = 75 quality = 90 @@ -19861,8 +20176,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cfd38423Aef875A10B16644D058297E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9708-L9726" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9708-L9726" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a2f67cbf31c9db2891892c31a7ed4ce7eccd834bfb10ae70f58e46f8e68e7c17" score = 75 quality = 90 
@@ -19885,8 +20200,8 @@ rule REVERSINGLABS_Cert_Blocklist_E6C05C5A2222Bf92818324A3A7374Ad3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9728-L9746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9728-L9746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bea8fea49144abc109e33a5964bb8e113aa61b4cd70c72a43183cb0840429571" score = 75 quality = 90 @@ -19909,8 +20224,8 @@ rule REVERSINGLABS_Cert_Blocklist_75Ce08Bdbad44123299Dbe9D7C1D20De : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9748-L9764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9748-L9764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8ba66ab55f9a6755e11a7f39152aa26917271c7f6bc5ffdb42d07ad791fb47d7" score = 75 quality = 90 
@@ -19933,8 +20248,8 @@ rule REVERSINGLABS_Cert_Blocklist_333705C20B56E57F60B5Eb191Eef0D90 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9766-L9782" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9766-L9782" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "30eeec467b837f6b1759cd0fd6a8bc2e8942f2400df170c671287f4159652479" score = 75 quality = 90 @@ -19957,8 +20272,8 @@ rule REVERSINGLABS_Cert_Blocklist_A2A0Ba281262Acce7A00119E25564386 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9784-L9802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9784-L9802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f5e3c16f6caaf5f3152d90dc48895d0bbcdb296c368beeebb96157f03a8ded40" score = 75 quality = 90 
@@ -19981,8 +20296,8 @@ rule REVERSINGLABS_Cert_Blocklist_338483Cc174C16Ebc454A3803Ffd4217 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9804-L9820" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9804-L9820" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7d7dd55eaab15cf458e5e57f0e5fbebdcc9313aee05394310a5cf9d9b4def153" score = 75 quality = 90 @@ -20005,8 +20320,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be89936C26Cd0D845074F6B7B47F480C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9822-L9840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9822-L9840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "348df24620bfe6322c410cb593f5caad67492b0b5af234ee89b0411beb4b48f9" score = 75 quality = 90 
@@ -20029,8 +20344,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F20A5155E53Ce20Bb644F646Ed6A2Fd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9842-L9858" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9842-L9858" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "70d57f2c24d4ae6f17339bfb998589a3b10f5dd4b19ac8a5bc99e082145c4ed0" score = 75 quality = 90 @@ -20053,8 +20368,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ea734E1Dfb6E69Ed2Bc55E513Bf95B5E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9860-L9878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9860-L9878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a18d1c1e5e22c1aa041a4b2d23d2aefcbedbd3517a079d578e1a143ecadb4533" score = 75 quality = 90 
@@ -20077,8 +20392,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ba67B0De51Ebb9B1179804E75357Ab26 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9880-L9898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9880-L9898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "69b9012fc4ab9636d159de49ff452f054030c1157cf70a95512b2a0748dad7c0" score = 75 quality = 90 @@ -20101,8 +20416,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cff2B275Ba8A1Dde83Ac7Ff858399A62 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9900-L9918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9900-L9918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d37e1d94048339a86b8fa173d3ab753fc5e79329b73df9fda5815cd622c57745" score = 75 quality = 90 
@@ -20125,8 +20440,8 @@ rule REVERSINGLABS_Cert_Blocklist_D22E026C5B5966F1Cf6Ef00A7C06682E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9920-L9938" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9920-L9938" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "33a05d46b40ffdf49bfa5facca41ebdf6bedcabc1cb1f5b9bf2d043ad1c869b0" score = 75 quality = 90 @@ -20149,8 +20464,8 @@ rule REVERSINGLABS_Cert_Blocklist_3054F940C931Bad7B238A24376C6A5Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9940-L9956" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9940-L9956" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "21c8e8f10d1e4b9eb917c86ac868de2afcd5776a9c1d59149df1d07d8c3e14b9" score = 75 quality = 90 
@@ -20173,8 +20488,8 @@ rule REVERSINGLABS_Cert_Blocklist_A617E23D6Ca8F34E2F7413Cd299Fc72B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9958-L9976" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9958-L9976" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f307a0b598f0876c003aa43db50e024698b6f93931e626c085f98553c14ec2ae" score = 75 quality = 90 @@ -20197,8 +20512,8 @@ rule REVERSINGLABS_Cert_Blocklist_387Eeb89B8Bf626Bbf4C7C9F5B998B40 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9978-L9994" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9978-L9994" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2377eeb5316d25752443735e78d0ad7de398a2677f5a0fd45fd6e6c87720d49b" score = 75 quality = 90 
@@ -20221,8 +20536,8 @@ rule REVERSINGLABS_Cert_Blocklist_292Eb1133507F42E6F36C5549C189D5E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L9996-L10012" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L9996-L10012" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bc3ef217455b74900cae114d25b02325d2bef25c11873342df1dd2369cbce76a" score = 75 quality = 90 @@ -20245,8 +20560,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fbf16A33D26390A15F046C310030Cf0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10014-L10030" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10014-L10030" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24bee3563e0867ef6702e7f57bbce7075f766410650ae5ce1e2e8c7b14a3eaca" score = 75 quality = 90 
@@ -20269,8 +20584,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F007898Afcba5F8Af8Ae65D01803617 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10032-L10048" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10032-L10048" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "27610bb3bf069991803611474abf44a3bf82fc9283d0412a1c24ae46a3f5352e" score = 75 quality = 90 @@ -20293,8 +20608,8 @@ rule REVERSINGLABS_Cert_Blocklist_E55Be88Ddbd93C423220468D430905Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10050-L10068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10050-L10068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "05b2f297454e7080591b85991b224193eb89fc5074eb3c2e484ceadad2de4cb7" score = 75 quality = 90 
@@ -20317,8 +20632,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Bcb74291D96096577Bdb1E165Dce85 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10070-L10086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10070-L10086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "00b7ff8f3cbc04c48c71433c384d7a7884b856f261850e33ea4413a12cf5a1b5" score = 75 quality = 90 @@ -20341,8 +20656,8 @@ rule REVERSINGLABS_Cert_Blocklist_C8442A8185082Ef1Ed7Dc3Fff2176Aa7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10088-L10106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10088-L10106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "74b1b48f0179187ea7bb8ef4663bf13da47f5c6405ecc5589706184564c05727" score = 75 quality = 90 
@@ -20365,8 +20680,8 @@ rule REVERSINGLABS_Cert_Blocklist_0406C4A1521A38C8D0C4Aa214388E4Dc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10108-L10124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10108-L10124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f6780751ae553771eb57201a8672847a24512e6279b6a4fd843d8ee2f326860a" score = 75 quality = 90 @@ -20389,8 +20704,8 @@ rule REVERSINGLABS_Cert_Blocklist_12705Fb66Bc22C68372A1C4E5Fa662E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10126-L10142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10126-L10142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f10316a26e2d34400b7c2e403eab18ab6c1cc94b35f0ac8a3f490d101d29dc8d" score = 75 quality = 90 
@@ -20413,8 +20728,8 @@ rule REVERSINGLABS_Cert_Blocklist_3B0914E2982Be8980Aa23F49848555E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10144-L10160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10144-L10160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ea7d9fa7817751fef775765b54be5dd4d00c15ca50ac10fb40fb46cc3634c7b0" score = 75 quality = 90 @@ -20437,8 +20752,8 @@ rule REVERSINGLABS_Cert_Blocklist_029Bf7E1Cb09Fe277564Bd27C267De5A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10162-L10178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10162-L10178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3f64372d11d61c669580d90cdf2201e7f2904fb3d73d27be2ff1559c9c37614a" score = 75 quality = 90 
@@ -20461,8 +20776,8 @@ rule REVERSINGLABS_Cert_Blocklist_D3Aee8Abb9948844A3Ac1C04Cc7E6Bdf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10180-L10198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10180-L10198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3f3f1d5c871d2b73627d4281ac5bcd08799fb47f94155e82795d97c87de35e40" score = 75 quality = 90 @@ -20485,8 +20800,8 @@ rule REVERSINGLABS_Cert_Blocklist_734819463C1195Bd6E135Ce4D5Bf49Bc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10200-L10216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10200-L10216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a63c05cca23b61ba6eabda2b60c617b966a2669fd3a0da30354792e5c1ae2140" score = 75 quality = 90 
@@ -20509,8 +20824,8 @@ rule REVERSINGLABS_Cert_Blocklist_Db95B22362D46A73C39E0Ac924883C5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10218-L10236" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10218-L10236" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "895983bcb7f3a0c5ce54504f4a2ff8d652137434b8951380d756de6556d0844e" score = 75 quality = 90 @@ -20533,8 +20848,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C48732873Ac8Ccebaf8F0E1E8329Cec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10238-L10254" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10238-L10254" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7c9476a4119e013c8bb3c14b607090d592feaa5f2fc0f78d810555681d4a3733" score = 75 quality = 90 
@@ -20557,8 +20872,8 @@ rule REVERSINGLABS_Cert_Blocklist_C51F4Cf4D82Bc920421E1Ad93E39D490 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10256-L10274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10256-L10274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cef717e7fe3eb0fb958d405caaf98fa51b22b150ccbf1286d3b4634e9df81ade" score = 75 quality = 90 @@ -20581,8 +20896,8 @@ rule REVERSINGLABS_Cert_Blocklist_C96086F1894E6420D2B4Bdeea834C4D7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10276-L10294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10276-L10294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "949bbd41ad4c83a05c1f004786cd296e2af80a3a559955ec90a4675cdfa04258" score = 75 quality = 90 
@@ -20605,8 +20920,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Fa27A121Cc82230C3013Ee634B6C62 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10296-L10312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10296-L10312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "23ac7a97e7632536ed27cf9078b6bc1a734f1e991a20a228734b45117582f367" score = 75 quality = 90 @@ -20629,8 +20944,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Dd3B2F7957Ba99F4B04Fcdbe03B7Aac : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10314-L10332" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10314-L10332" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d4f1b75dddd47fe8a19bd8e794b4930bdcaf54d63db57422db0a9b631d4f488d" score = 75 quality = 90 
@@ -20653,8 +20968,8 @@ rule REVERSINGLABS_Cert_Blocklist_061051Ff2A8Afab10347A6F1Ff08Ecb6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10334-L10350" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10334-L10350" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "db3ac3ee326c60e9abc94a2fb53d801637f044e7ab72d69e53958799e48747b7" score = 75 quality = 90 @@ -20677,8 +20992,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eda2429083Bfafb04E6E7Bdda1B08834 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10352-L10370" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10352-L10370" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4f7d5c6929fe364c8868fddb28dd7bbf7cdcf3896d57836466af1a538190d11c" score = 75 quality = 90 
@@ -20701,8 +21016,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A590154B5980E566314122987Dea548 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10372-L10388" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10372-L10388" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d5fdf2bc61fadf3e73bcf1695c48ebc465e614cdd2310f9e5f40648d9615afc4" score = 75 quality = 90 @@ -20725,8 +21040,8 @@ rule REVERSINGLABS_Cert_Blocklist_69A72F5591Ad78A0825Fbb9402Ab9543 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10390-L10406" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10390-L10406" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "72ca07b7722f9506c5c42b5e58c5ce9b3a7d607164a5f265015769f2831cd588" score = 75 quality = 90 
@@ -20749,8 +21064,8 @@ rule REVERSINGLABS_Cert_Blocklist_0883Db137021B51F3A2A08A76A4Bc066 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10408-L10424" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10408-L10424" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5e3c8654169830790665992f5d7669d0ca6c1c8048580b3ae70331ad2a763a6c" score = 75 quality = 90 @@ -20773,8 +21088,8 @@ rule REVERSINGLABS_Cert_Blocklist_2B921Aaaba777B5A99507196C6F1C46C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10426-L10442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10426-L10442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a00eb9837f7700d83862dff2077d85c68c24621d7aacf857b42587dc37976465" score = 75 quality = 90 
@@ -20797,8 +21112,8 @@ rule REVERSINGLABS_Cert_Blocklist_0332D5C942869Bdcabf5A8266197Cd14 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10444-L10460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10444-L10460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "726ac44dd8109fcd0a9120f6c0673b8ecf7d5b3a4bb81976f48402e21502201a" score = 75 quality = 90 @@ -20821,8 +21136,8 @@ rule REVERSINGLABS_Cert_Blocklist_4679C5398A279318365Fd77A84445699 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10462-L10478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10462-L10478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bdb68be92b3ba6b5eaa6e8e963529c0b9213942ba2552c687496ad5d12d5b472" score = 75 quality = 90 
@@ -20845,8 +21160,8 @@ rule REVERSINGLABS_Cert_Blocklist_101D6A5A29D9A77807553Ceac669D853 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10480-L10496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10480-L10496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bce92750f71477ecfa7b8213724344708066c0e6133a47cd6758bbd9f8f9da5f" score = 75 quality = 90 @@ -20869,8 +21184,8 @@ rule REVERSINGLABS_Cert_Blocklist_6000F8C02B0A15B1E53B8399845Faddf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10498-L10514" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10498-L10514" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "00ceb241555154cab97ef616042dbd966f3a8fae257e142dfe6bad9559bd1724" score = 75 quality = 90 
@@ -20893,8 +21208,8 @@ rule REVERSINGLABS_Cert_Blocklist_121070Be1E782F206985543Bc7Bc58B6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10516-L10532" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10516-L10532" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a5d603cf64c8a16fa12daf9c6b5d0850e6145fb39b38442ed724ec0f849b8be9" score = 75 quality = 90 @@ -20917,8 +21232,8 @@ rule REVERSINGLABS_Cert_Blocklist_5226A724Cfa0B4Bc0164Ecda3F02A3Dc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10534-L10550" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10534-L10550" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ba1155b30761f48674aaa82a70a06fea30cced6518f089f3f9f173a4eb06a09" score = 75 quality = 90 
@@ -20941,8 +21256,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A7Be7722B65A866Ebcd3Bd7F8F10825 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10552-L10568" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10552-L10568" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c4aa22241ef72d454db4ec0fb0933abfa7b1d8d1029b45410475832cda4a2af4" score = 75 quality = 90 @@ -20965,8 +21280,8 @@ rule REVERSINGLABS_Cert_Blocklist_05634456Dbedb3556Ca8415E64815C5D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10570-L10586" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10570-L10586" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f5941c74821c0cd76633393d0346a9de2c7bccc666dc20b34c5b4d733faefc8f" score = 75 quality = 90 
@@ -20989,8 +21304,8 @@ rule REVERSINGLABS_Cert_Blocklist_2E07A8D6E3B25Ae010C8Ed2C4Ab0Fb37 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10588-L10604" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10588-L10604" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bad2144c9cde02a75fa968e3c24178f3ba73b0addb2b4967f24733b933e0eeb6" score = 75 quality = 90 @@ -21013,8 +21328,8 @@ rule REVERSINGLABS_Cert_Blocklist_30B4Eeebd88Fd205Acc8577Bbaed8655 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10606-L10622" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10606-L10622" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "673ec5a1cacb9a7be101a4a533baf5a1eab4e6dd8721c69e56636701c5303c72" score = 75 quality = 90 
@@ -21037,8 +21352,8 @@ rule REVERSINGLABS_Cert_Blocklist_B3391A6C1B3C6836533959E2384Ab4Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10624-L10642" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10624-L10642" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "38e38acfbfbf63b7179d2f8656f70224afa9269a7bdecd10ccbbbd92a6a216d3" score = 75 quality = 90 @@ -21061,8 +21376,8 @@ rule REVERSINGLABS_Cert_Blocklist_05D50A0E09Bb9A836Ffb90A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10644-L10660" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10644-L10660" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1bd1960cd6dd8bf83472dc2b1809b84ceb3db68a5e6c3ba68f28ad922230b2ed" score = 75 quality = 90 
@@ -21085,8 +21400,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A2787Fbb4627C91611573E323584113 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10662-L10678" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10662-L10678" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "efa352beafb56b95a89554bc8929f8e01a4da46eef1f6cf8a1487a2a06bc1b3e" score = 75 quality = 90 @@ -21109,8 +21424,8 @@ rule REVERSINGLABS_Cert_Blocklist_1D36C4F439D651503589318F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10680-L10696" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10680-L10696" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "73dc3c01041d50100a8d5519afe1a80f470c30175f9ad1bf76ac287ac199a959" score = 75 quality = 90 
@@ -21133,8 +21448,8 @@ rule REVERSINGLABS_Cert_Blocklist_26F855A25890B749578F13E4B9459768 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10698-L10714" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10698-L10714" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "35bfa39ef8f03d10af884f288278ea6ad3aff31cbae111057c2b619c6dc0a752" score = 75 quality = 90 @@ -21157,8 +21472,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F1Ae2239Bb96C5Aef49D0Ae50266912 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10716-L10732" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10716-L10732" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4f88df4fc2f4cd89aa177ce09caab3e2660267ae883f7ab54c22a9ba1657bad0" score = 75 quality = 90 
@@ -21181,8 +21496,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Deea179F5757Fe529043577762419Df : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10734-L10750" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10734-L10750" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "67c3d3496caf54ca0b1afc4d1dcc902e2f3632ac6708f85e163d427b567d098f" score = 75 quality = 90 @@ -21205,8 +21520,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B1F9Ec88D185631Ab032Dbfd5166C0D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10752-L10768" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10752-L10768" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dec9d43c6911deb5f35c45692bfd6ef47f85d955f5e59041e58a1f0d2fc306e3" score = 75 quality = 90 
@@ -21229,8 +21544,8 @@ rule REVERSINGLABS_Cert_Blocklist_58Af00Ce542760Fc116B41Fa92E18589 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10770-L10786" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10770-L10786" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ff773d252e5e0402171ae15d7ab43bcfd313eb8c326ed5f128a89ec43386a52" score = 75 quality = 90 @@ -21253,8 +21568,8 @@ rule REVERSINGLABS_Cert_Blocklist_25Ba18A267D6D8E08Ebc6E2457D58D1E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10788-L10804" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10788-L10804" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "174fe170c26a8197486e7b390d9fce4da61fb68ee5dc9486d43dbeb3cf659c3a" score = 75 quality = 90 
@@ -21277,8 +21592,8 @@ rule REVERSINGLABS_Cert_Blocklist_12Df5Ff3460979Cec1288D874A9Fbf83 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10806-L10822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10806-L10822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3d4b5e56962d04bc35451eeab4c1870c8653c9afcbb28dc6bad7cfb1711e9df1" score = 75 quality = 90 @@ -21301,8 +21616,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df2547B2Cab5689A81D61De80Eaaa3A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10824-L10842" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10824-L10842" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cde89ae5b77ff6833fe642bdd74e81763ef068e31c07e7881906e4e4a5939942" score = 75 quality = 90 
@@ -21325,8 +21640,8 @@ rule REVERSINGLABS_Cert_Blocklist_28B691272719B1Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10844-L10860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10844-L10860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0bd973f415b7cfa0858c705c4486da9f181c7259af01d1cff486fb6b8e8e775b" score = 75 quality = 90 @@ -21349,8 +21664,8 @@ rule REVERSINGLABS_Cert_Blocklist_1C897216E58E83Cbe74Ad03284E1Fb82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10862-L10878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10862-L10878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6b3b2708d3a442fa6425e60ae900c94fc22fbfdb47f290ff56e9d349d99fd85f" score = 75 quality = 90 
@@ -21373,8 +21688,8 @@ rule REVERSINGLABS_Cert_Blocklist_5A364C4957D93406F76321C2316F42F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10880-L10896" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10880-L10896" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fe3a2b906debb3f03e6a403829fca02c751754e9a02442a962c66defb84aed83" score = 75 quality = 90 @@ -21397,8 +21712,8 @@ rule REVERSINGLABS_Cert_Blocklist_E7E7F7180666546Ce7A8Da32119F5Ce1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10898-L10916" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10898-L10916" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "940f6508208998593f309ffeeeda20ab475d427c952a14871b6e58e17d2a4c85" score = 75 quality = 90 
@@ -21421,8 +21736,8 @@ rule REVERSINGLABS_Cert_Blocklist_062B2827500C5Df35A83F661B3Af5Dd3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10918-L10934" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10918-L10934" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4edc263b08b21428b5f2f4f14f9582c0f96f79cb49fbba563c103bf8bb2037a6" score = 75 quality = 90 @@ -21445,8 +21760,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Bf27695Fd20B588F2B2F173B6Caf2Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10936-L10952" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10936-L10952" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "94d8739761b6a8ee91550be47432b046609b076aab6e57996de123a0fcaba73e" score = 75 quality = 90 
@@ -21469,8 +21784,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B248C8508042D36Bbd5D92D189C61D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10954-L10970" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10954-L10970" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2c063d0878a8bf6cd637e1dac2cb9164beb52c951e01858a7c3c9c4c1a853f54" score = 75 quality = 90 @@ -21493,8 +21808,8 @@ rule REVERSINGLABS_Cert_Blocklist_032660Ee1D49Ad35086027473E2614E5E724 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10972-L10988" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10972-L10988" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8d1435d2fa70db12cde2f9098e35ca1737f5aac36bac91329b28f03aad090e90" score = 75 quality = 90 
@@ -21517,8 +21832,8 @@ rule REVERSINGLABS_Cert_Blocklist_043052956E1E6Dbd5F6Ae3D8B82Cad2A2Ed8 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L10990-L11006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L10990-L11006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c29fb109c741437a3739f1c42aadace8f612ef1e3ea90e3e2bdd8a92c85e766a" score = 75 quality = 90 @@ -21541,8 +21856,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dbc03Ca7E6Ae6Db6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11008-L11026" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11008-L11026" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0077b9c46ddd98a4929878ba4ba9476ed7fb1d7bf6e30c3ae0f950445d01e8f3" score = 75 quality = 90 
@@ -21565,8 +21880,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D27332C3Cb3A382A4Fd232C5C66A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11028-L11044" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11028-L11044" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c1c50015db7f97b530819b40e2578463a6021bfff8e2582858a4c3fbd1a9b9bc" score = 75 quality = 90 @@ -21589,8 +21904,8 @@ rule REVERSINGLABS_Cert_Blocklist_82D224323Efa65060B641F51Fadfef02 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11046-L11064" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11046-L11064" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9d361c91ed24b6c20a7b35957e26f208ce8e0a3d79c5a6fed6278acd826ccf49" score = 75 quality = 90 
@@ -21613,8 +21928,8 @@ rule REVERSINGLABS_Cert_Blocklist_890570B6B0E2868A53Be3F8F904A88Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11066-L11084" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11066-L11084" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fb7af8ec09da2fecaaaed8c7770966f11ef8a44a131553a9d1412387db2fb7ea" score = 75 quality = 90 @@ -21637,8 +21952,8 @@ rule REVERSINGLABS_Cert_Blocklist_2642Fe865F7566Ce3123A5142C207094 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11086-L11102" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11086-L11102" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1ad4adf8b05a6cc065d289e6963480d37a92712a318744a30a16aad22380f238" score = 75 quality = 90 
@@ -21661,8 +21976,8 @@ rule REVERSINGLABS_Cert_Blocklist_4A2E337Fff23E5B2A1321Ffde56D1759 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11104-L11120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11104-L11120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bc2df95ddf1ef3d5f83d14852e1cf6cbf4b71bfbe88fc97c2a4553e8581ddf47" score = 75 quality = 90 @@ -21685,8 +22000,8 @@ rule REVERSINGLABS_Cert_Blocklist_92D9B92F8Cf7A1Ba8B2C025Be730C300 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11122-L11140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11122-L11140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2a0be6157e589705ad19756971bd865edad2d54760d03c2e6f47a461b402ad68" score = 75 quality = 90 
@@ -21709,8 +22024,8 @@ rule REVERSINGLABS_Cert_Blocklist_B8164F7143E1A313003Ab0C834562F1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11142-L11160" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11142-L11160" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a42fec2e0e8d37948420f16907f39c3d502c535be98024d04a777dfbc633004d" score = 75 quality = 90 @@ -21733,8 +22048,8 @@ rule REVERSINGLABS_Cert_Blocklist_24E4A2B3Db6Be1007B9Ddc91995Bc0C8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11162-L11178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11162-L11178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "861691ce7bae4366f3b35d01c84bb0031b54653869f52eaccf20808b1b55d2af" score = 75 quality = 90 
@@ -21757,8 +22072,8 @@ rule REVERSINGLABS_Cert_Blocklist_881573Fc67Ff7395Dde5Bccfbce5B088 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11180-L11198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11180-L11198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ce489a4a2f07181d6fbf295f426deeaf51310e061bac2e56d65b37eeb397ff9a" score = 75 quality = 90 @@ -21781,8 +22096,8 @@ rule REVERSINGLABS_Cert_Blocklist_53E1F226Cb77574F8Fbeb5682Da091Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11200-L11216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11200-L11216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "591846225d5faf3ee8f3102acaad066f0187219044077bbdaf32345613b00965" score = 75 quality = 90 
@@ -21805,8 +22120,8 @@ rule REVERSINGLABS_Cert_Blocklist_0772B4D1D63233D2B8771997Bc8Da5C4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11218-L11234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11218-L11234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "30586a643b29f3c943b3f35bb1639c5b9fa48ecbd776775086e35af502aa4a7a" score = 75 quality = 90 @@ -21829,8 +22144,8 @@ rule REVERSINGLABS_Cert_Blocklist_02B6656292310B84022Db5541Bc48Faf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11236-L11252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11236-L11252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "40b570b28e10ebd2a1ba515dc3fa45bdb5c0b76044e4dda7a6819976072a67a2" score = 75 quality = 90 
@@ -21853,8 +22168,8 @@ rule REVERSINGLABS_Cert_Blocklist_64C2505C7306639Fc8Eae544B0305338 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11254-L11270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11254-L11270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9b6fb002d603135391958668be0ef805e441928a035c9c4da4bb9915aa3086e8" score = 75 quality = 90 @@ -21877,8 +22192,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F96A89Bfec6E44Dd224E8Fd7E72D9Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11272-L11288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11272-L11288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c0c8e5c0e2e120ee6b055e9a6b2af3d424bed0832c2619beab658fe01757f69f" score = 75 quality = 90 
@@ -21901,8 +22216,8 @@ rule REVERSINGLABS_Cert_Blocklist_B649A966410F62999C939384Af553919 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11290-L11308" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11290-L11308" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "623a2f931198eacf44fd233065e96a4dcadb5b3bbc7ca56df2b6ae9eafc4faa5" score = 75 quality = 90 @@ -21925,8 +22240,8 @@ rule REVERSINGLABS_Cert_Blocklist_45245Eef53Fcf38169C715Cf68F44452 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11310-L11326" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11310-L11326" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7e0c3147e657802e457f6df271b7f5a64c81fd13f936a8935aa991022e4ab238" score = 75 quality = 90 
@@ -21949,8 +22264,8 @@ rule REVERSINGLABS_Cert_Blocklist_1895433Ee9E2Bd48619D75132262616F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11328-L11344" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11328-L11344" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f00a29ff5dddae40225ab62cb2d4b9dec1539ad58c8cd27d686480eecdb3e31d" score = 75 quality = 90 @@ -21973,8 +22288,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Ffc9825644Caf5B1F521780C5C7F42C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11346-L11362" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11346-L11362" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1a9263c809f5633d01d4d4d0091c8dc214bad73af0eff3c9a94b33bca513f26d" score = 75 quality = 90 
@@ -21997,8 +22312,8 @@ rule REVERSINGLABS_Cert_Blocklist_8D52Fb12A2511E86Bbb0Ba75C517Eab0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11364-L11382" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11364-L11382" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "023830ab3d71ed8ecf8f0e271c56dc267dcd000f5ff156c70d31089cd7010da8" score = 75 quality = 90 @@ -22021,8 +22336,8 @@ rule REVERSINGLABS_Cert_Blocklist_332Bd5801E8415585E72C87E0E2Ec71D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11384-L11400" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11384-L11400" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3648c3a8dbcdbd24746b9fa8cb3071d5f5019e5917848d88437158c6cb165445" score = 75 quality = 90 
@@ -22045,8 +22360,8 @@ rule REVERSINGLABS_Cert_Blocklist_E3B80C0932B52A708477939B0D32186F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11402-L11420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11402-L11420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "acdfce4dc25cbc9e9817453d5cf56c7d319bebdf7a039ea47412ec3b2f68cb02" score = 75 quality = 90 @@ -22069,8 +22384,8 @@ rule REVERSINGLABS_Cert_Blocklist_C79F817F082986Bef3209F6723C8Da97 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11422-L11440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11422-L11440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a5960f4c2ed768ccc5779d3754f51463c7b14a3a887c690944add23fba464f1a" score = 75 quality = 90 
@@ -22093,8 +22408,8 @@ rule REVERSINGLABS_Cert_Blocklist_1E5Efa53A14599Cc82F56F0790E20B17 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11442-L11458" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11442-L11458" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "78cbfeb5d7b58029a5b4107f2a59e892ff9d71788cf74e88ac823cb85ba35a94" score = 75 quality = 90 @@ -22117,8 +22432,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Cf2D0B5Bfdd68Cf777A0C12F806A569 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11460-L11476" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11460-L11476" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4d8fd52cd12f9512c0b148f9915860152f108884d29617a5fbfd62500d3a14c4" score = 75 quality = 90 
@@ -22141,8 +22456,8 @@ rule REVERSINGLABS_Cert_Blocklist_F675139Ea68B897A865A98F8E4611F00 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11478-L11496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11478-L11496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2306e90d376f5de8a4eb6d4a696bc1781686d7094cb0a2db48019ee93c1bf60a" score = 75 quality = 90 @@ -22165,8 +22480,8 @@ rule REVERSINGLABS_Cert_Blocklist_4728189Fa0F57793484Cdf764F5E283D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11498-L11514" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11498-L11514" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9ec7e84c77583bd52ccfb8d6d5831f3634ed0a401d8103376c4775b7f2c43d81" score = 75 quality = 90 
@@ -22189,8 +22504,8 @@ rule REVERSINGLABS_Cert_Blocklist_9Bd81A9Adaf71F1Ff081C1F4A05D7Fd7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11516-L11534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11516-L11534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e275a1fd2eb931030fa8b5fc11cd1b335835aaa553a42455053cb93fef5e6e72" score = 75 quality = 90 @@ -22213,8 +22528,8 @@ rule REVERSINGLABS_Cert_Blocklist_C81319D20C6F1F1Aec3398522189D90C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11536-L11554" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11536-L11554" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2a9f13f5e79a12f7e9d9d4a0dcaac065e1fc5167c67bc9f3fd7ba1c374b26d96" score = 75 quality = 90 
@@ -22237,8 +22552,8 @@ rule REVERSINGLABS_Cert_Blocklist_C318D876768258A696Ab9Dd825E27Acd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11556-L11574" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11556-L11574" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "691b57929c93d14f8700e0e61170b9248499fd36b80aec90f2054c32d6a3a9eb" score = 75 quality = 90 @@ -22261,8 +22576,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Df5C318759D6Ea9D090Bfb2Faf1D94 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11576-L11592" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11576-L11592" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5f151ee5781a15cca4394fdd8200162eae47e9d088a0b1551c9ed22ce11473a2" score = 75 quality = 90 
@@ -22285,8 +22600,8 @@ rule REVERSINGLABS_Cert_Blocklist_02De1Cc6C487954592F1Bf574Ca2B000 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11594-L11610" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11594-L11610" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "40b78005d343684d08bb93e92c51eee10e674e8deb9eec290bc9ffe3b23061b1" score = 75 quality = 90 @@ -22309,8 +22624,8 @@ rule REVERSINGLABS_Cert_Blocklist_A32B8B4F1Be43C23Eb2848Ab4Ef06Bb2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11612-L11630" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11612-L11630" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dd7d44349baaf4a2e2f61b38cef31f288110bb03944fd4593f52a0ab03b9d172" score = 75 quality = 90 
@@ -22333,8 +22648,8 @@ rule REVERSINGLABS_Cert_Blocklist_626735Ed30E50E3E0553986D806Bfc54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11632-L11648" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11632-L11648" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0a2acf8528a12fd05cf58c2ed5224f7472d14251b342ce4df6d9c10c6a6decfc" score = 75 quality = 90 @@ -22357,8 +22672,8 @@ rule REVERSINGLABS_Cert_Blocklist_34D42E871Ddb1C92Fa20B55B384E1259 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11650-L11666" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11650-L11666" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8af5f4abe6425713b7c1fd17deaa78b2cfd6ef73ad960bce883e95661c2dbb56" score = 75 quality = 90 
@@ -22381,8 +22696,8 @@ rule REVERSINGLABS_Cert_Blocklist_08D4Dc90047B8470Ccaf3924Dfbd8B5F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11668-L11684" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11668-L11684" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "569db2f6d6f4da9985c57812a03f91bce88f2150b17659249e0f746a0d15150b" score = 75 quality = 90 @@ -22405,8 +22720,8 @@ rule REVERSINGLABS_Cert_Blocklist_C2Fc83D458E653837Fcfc132C9B03062 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11686-L11704" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11686-L11704" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "836cec8d8396680dd64f95d4dd41f7f5876cb4268d983238a01d2e0990cce74a" score = 75 quality = 90 
@@ -22429,8 +22744,8 @@ rule REVERSINGLABS_Cert_Blocklist_54C793D2224Bdd6Ca527Bb2B7B9Dfe9D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11706-L11722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11706-L11722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "81c9c1d841d4aae3de229cc499ee84920d89928590a3eb157f7a7a7fbc46b4a8" score = 75 quality = 90 @@ -22453,8 +22768,8 @@ rule REVERSINGLABS_Cert_Blocklist_8Cece6Df54Cf6Ad63596546D77Ba3581 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11724-L11742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11724-L11742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d6b5bca36ef492ce9b79be905c86c66d43ef38701dafeed977229034119bd00d" score = 75 quality = 90 
@@ -22477,8 +22792,8 @@ rule REVERSINGLABS_Cert_Blocklist_984E84Cfe362E278F558E2C70Aaafac2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11744-L11762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11744-L11762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e7a8f3dff77121df53d5f932f861e15208b0607ba77712f40927bc14b17a53cd" score = 75 quality = 90 @@ -22501,8 +22816,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ff52Eb011Bb748Fee75153Cbe1E50Dd6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11764-L11782" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11764-L11782" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8c80ed4e4f77df34ff9fcc712deda4c1bbedc588f2b01d02aa705e368fb98c5e" score = 75 quality = 90 
@@ -22525,8 +22840,8 @@ rule REVERSINGLABS_Cert_Blocklist_84A4A0D0657E217B176B455E2465Aee0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11784-L11802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11784-L11802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "92f6e90bd21182bece68ac1651105f96a18c5b1497d30e0040a978e349341bdb" score = 75 quality = 90 @@ -22549,8 +22864,8 @@ rule REVERSINGLABS_Cert_Blocklist_B8F726508Cf1D7B7913Bf4Bbd1E5C19C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11804-L11822" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11804-L11822" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ec05c7e41e309aff00ae819c63f5bdc8e4172c611779da345efd211e48c9efb1" score = 75 quality = 90 
@@ -22573,8 +22888,8 @@ rule REVERSINGLABS_Cert_Blocklist_6A241Ffe96A6349Df608D22C02942268 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11824-L11840" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11824-L11840" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "79db8be7ca3ed80eb1e3a9401e8fec2b83da8b95b16789ed0b59bb7f4639a94d" score = 75 quality = 90 @@ -22597,8 +22912,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa1D84779792B57F91Fe7A4Bde041942 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11842-L11860" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11842-L11860" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "682af8c799acaca531724c5b3184b855e64ec4531fcc333a485ba2f63331cdae" score = 75 quality = 90 
@@ -22621,8 +22936,8 @@ rule REVERSINGLABS_Cert_Blocklist_3C98B6872Fbb1F4Ae37A4Caa749D24C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11862-L11878" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11862-L11878" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c534ad306f85e12eca2336e998120deb4ba8d0d63b8331986ec7fe4ac69ba65a" score = 75 quality = 90 @@ -22645,8 +22960,8 @@ rule REVERSINGLABS_Cert_Blocklist_E4E795Fd1Fd25595B869Ce22Aa7Dc49F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11880-L11898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11880-L11898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ced47bd69b58de9e6b2aa7518ccceca088884acb79c0803c3defe6b115a0abb6" score = 75 quality = 90 
@@ -22669,8 +22984,8 @@ rule REVERSINGLABS_Cert_Blocklist_E953Ada7E8F1438E5F7680Ff599Ae43E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11900-L11918" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11900-L11918" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7cb7d77abefd35f0756c5aa0983f7403cca4cbacd94dcc6b510c929bc96c8309" score = 75 quality = 90 @@ -22693,8 +23008,8 @@ rule REVERSINGLABS_Cert_Blocklist_28C57Df09Ce7Cc3Fde2243Beb4D00101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11920-L11936" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11920-L11936" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "84402dc0a58fca36424d8d6d13c60b80342bb3792f4e32e23878530264358726" score = 75 quality = 90 
@@ -22717,8 +23032,8 @@ rule REVERSINGLABS_Cert_Blocklist_2D8Cfcf04209Dc7F771D8D18E462C35A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11938-L11954" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11938-L11954" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b784e46268d78046365400ef914d7ca673503c93962d0b0740ca2ac9faf7857" score = 75 quality = 90 @@ -22741,8 +23056,8 @@ rule REVERSINGLABS_Cert_Blocklist_016836311Fc39Fbb8E6F308Bb03Cc2B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11956-L11972" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11956-L11972" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c5f6372a207d02283840e745619e93194d954eedff7bae34aadcb645b1cb78fc" score = 75 quality = 90 
@@ -22765,8 +23080,8 @@ rule REVERSINGLABS_Cert_Blocklist_435Abf46053A0A445C54217A8C233A7F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11974-L11990" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11974-L11990" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "839f55e8fe7a86aad406e657fdef48925543b5d3884927104fd3786444a8fccc" score = 75 quality = 90 @@ -22789,8 +23104,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2F9C693A2E6634565F63C79B01Dd8F8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L11992-L12010" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L11992-L12010" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f5ec67c082be21a2495ef90fd0a6d4fc4b1379c4903dcc051d39cf1913d5cf20" score = 75 quality = 90 
@@ -22813,8 +23128,8 @@ rule REVERSINGLABS_Cert_Blocklist_54A6D33F73129E0Ef059Ccf51Be0C35E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12012-L12028" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12012-L12028" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6fbed9c8537ea2baeb58044a934fc9741730b8a3ae4d059c23b033973d7ff7d3" score = 75 quality = 90 @@ -22837,8 +23152,8 @@ rule REVERSINGLABS_Cert_Blocklist_142Aac4217E22B525C8587589773Ba9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12030-L12046" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12030-L12046" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f169925c27f5e0f8d5f658b83d1b9fa4548c4443b16bd4d7f87aa2b8e44bf06b" score = 75 quality = 90 
@@ -22861,8 +23176,8 @@ rule REVERSINGLABS_Cert_Blocklist_239664C12Baeb5A6D787912888051392 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12048-L12064" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12048-L12064" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ab2c228088a4c11b3a0f1a5f0acf181cc31e548781cb3f1205475bfbe39c7236" score = 75 quality = 90 @@ -22885,8 +23200,8 @@ rule REVERSINGLABS_Cert_Blocklist_0218Ebfd5A9Bfd55D2F661F0D18D1D71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12066-L12082" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12066-L12082" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4aabe3beab0055b6ef8f6114c5236940f5693b44e94efd14132b450bb9232c03" score = 75 quality = 90 
@@ -22909,8 +23224,8 @@ rule REVERSINGLABS_Cert_Blocklist_35590Ebe4A02Dc23317D8Ce47A947A9B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12084-L12100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12084-L12100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2d4bc88943cdc8af00effab745e64e60ef662c668a0b2193c256d11831ef1554" score = 75 quality = 90 @@ -22933,8 +23248,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aa07D4F2857119Cee514A0Bd412F8201 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12102-L12120" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12102-L12120" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fbbea89f2070b2a527bba6199022fbffd269e664b000988a59adf4ca0d4a9f22" score = 75 quality = 90 
@@ -22957,8 +23272,8 @@ rule REVERSINGLABS_Cert_Blocklist_40F5660A90301E7A8A8C3B42 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12122-L12138" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12122-L12138" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3573d1d5f11df106f1f6f44f8b0164992f2a50707c6df7b08b05ed9ea7d9173b" score = 75 quality = 90 @@ -22981,8 +23296,8 @@ rule REVERSINGLABS_Cert_Blocklist_0400C7614F86D75Fe4Ee3F6192B6Feda : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12140-L12156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12140-L12156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "47735267e9a0fb8107f6c4008bacc8aada1705f6714a0447dacc3928fc20cad6" score = 75 quality = 90 
@@ -23005,8 +23320,8 @@ rule REVERSINGLABS_Cert_Blocklist_E573D9C8B403C41Bd59Ffa0A8Efd4168 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12158-L12176" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12158-L12176" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "425126b90fe2ab7c1ec7bf2fd5a91e4438a81992f20f99ed87ec62e7f20043cd" score = 75 quality = 90 @@ -23029,8 +23344,8 @@ rule REVERSINGLABS_Cert_Blocklist_B06Bc166Fc765Dacd2F7448C8Cdd9205 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12178-L12196" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12178-L12196" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2c47166f02c7f94bb4f82296e3220ff7ca3c6c53566d855b2fe77cb842a5fb43" score = 75 quality = 90 
@@ -23053,8 +23368,8 @@ rule REVERSINGLABS_Cert_Blocklist_E9268Ed63A7D7E9Dfd40A664Ddfbaf18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12198-L12216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12198-L12216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fc840c0b37867c3b0aa80d4dc609feaaab77d3f0c6f84c8bb2ea7c5a6461ebb8" score = 75 quality = 90 @@ -23077,8 +23392,8 @@ rule REVERSINGLABS_Cert_Blocklist_425Dc3E0Ca8Bcdce19D00D87E3F0Ba28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12218-L12234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12218-L12234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "67a975f2806825bf0da27fcaf33c2ff497fe9bb2af12c22ff505b49070516960" score = 75 quality = 90 
@@ -23101,8 +23416,8 @@ rule REVERSINGLABS_Cert_Blocklist_Afc0Ddb7Bdc8207E8C3B7204018Eecd3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12236-L12254" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12236-L12254" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "302e2d6b31ca5c2c33c4ec7294630fd88a9c40f70ddecdc606ccff27b24e1cd4" score = 75 quality = 90 @@ -23125,8 +23440,8 @@ rule REVERSINGLABS_Cert_Blocklist_38989Ec61Ecdb7391Ff5647F7D58Ad18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12256-L12272" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12256-L12272" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1795812d4daa458b157280cac7a9b13e9b67a2d78eac077691bbce2bf8aeec34" score = 75 quality = 90 
@@ -23149,8 +23464,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc6C43D206A360F2D6B58537C456B709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12274-L12292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12274-L12292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "eb5288d2b96ff7a7783c2b2b02f9f1168784352ed84ad6463dce00c12daca6cb" score = 75 quality = 90 @@ -23173,8 +23488,8 @@ rule REVERSINGLABS_Cert_Blocklist_4929Ab561C812Af93Ddb9758B545F546 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12294-L12310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12294-L12310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "12235e324b92b83e9cfaed7cbcff5d093b8b1d7528dd5ac327159cde6e9a4d1f" score = 75 quality = 90 
@@ -23197,8 +23512,8 @@ rule REVERSINGLABS_Cert_Blocklist_25C6Dbce3D5499F65D9Df16E9007465D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12312-L12328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12312-L12328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "978f05f86734c63afe1e5929a58f3cfff75ef749ffda07252db90b6fe12508ec" score = 75 quality = 90 @@ -23221,8 +23536,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bc6A1812E001362469541108973Bbd52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12330-L12348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12330-L12348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9b678e9fb1e1eda3ac8e027b5e449af446de4379fea46ef7ff820240c73795ee" score = 75 quality = 90 
@@ -23245,8 +23560,8 @@ rule REVERSINGLABS_Cert_Blocklist_Bde1D6Dc3622724F427A39E6A34F5124 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12350-L12368" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12350-L12368" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1cf0b6855269a771447a0b38f4a02996b6527d7df4b143b69598ed591719ca0" score = 75 quality = 90 @@ -23269,8 +23584,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C9F5F96726A6E6Fc3B8Bb153Ac82Af2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12370-L12386" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12370-L12386" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a61bcc4a90a75a429366e3f93929005b67325eccc6cad3df6b7a0c3692597828" score = 75 quality = 90 
@@ -23293,8 +23608,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E889Bb3B7F7194B674C6A0335A608E0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12388-L12404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12388-L12404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fa2a47f4fb822089fcc958850ce516c8c5d95a6d9b575f3b1d1d4a2ceb2537e4" score = 75 quality = 90 @@ -23317,8 +23632,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F62F760704Bdf8Dc30C7Baa7376F484 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12406-L12422" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12406-L12422" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d54d52e116b9404782ce80664f218d2e142577dac672c53c41b82f0466c7375a" score = 75 quality = 90 
@@ -23341,8 +23656,8 @@ rule REVERSINGLABS_Cert_Blocklist_071202Dbfda40B629C5E7Acac947C2D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12424-L12440" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12424-L12440" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cc51b0ae6a59f68e61ee0b4ff33ea0e1ee9ef04e4c994e1c98da6befab62a5b9" score = 75 quality = 90 @@ -23365,8 +23680,8 @@ rule REVERSINGLABS_Cert_Blocklist_98Ab9585C04D7F0E4Cf4De98C14B684D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12442-L12460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12442-L12460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ba43dd15b13623bb99d88c93fb9e751deb95a546325a1142d9137b25430d07fd" score = 75 quality = 90 
@@ -23389,8 +23704,8 @@ rule REVERSINGLABS_Cert_Blocklist_4631713E66E91347F0388B98Cf747794 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12462-L12478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12462-L12478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cb517cda67150b7e17ee3bd946903e8e8eca81742a362032249a2f2387e71c50" score = 75 quality = 90 @@ -23413,8 +23728,8 @@ rule REVERSINGLABS_Cert_Blocklist_E963F8983D21B4C1A69C66A9D37498E5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12480-L12498" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12480-L12498" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7c715e28f003351d10ba53657e9e667b635a0e4433276d91d26f4482a61191d" score = 75 quality = 90 
@@ -23437,8 +23752,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E44Fcedd49F22F7A28Cecc99104F61A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12500-L12516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12500-L12516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "caff0cbca45c0dffb673367585824783371f2f4e31a0c9629afb7de708098892" score = 75 quality = 90 @@ -23461,8 +23776,8 @@ rule REVERSINGLABS_Cert_Blocklist_35B49Ee870Aea532E6Ef0A4987105C8F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12518-L12534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12518-L12534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a9d8e9db453f40e32a0cb6412db8885db54053fdf3d7908b884361a493f97b1f" score = 75 quality = 90 
@@ -23485,8 +23800,8 @@ rule REVERSINGLABS_Cert_Blocklist_063Dcd7D7B0Bc77Cac844C7213Be3989 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12536-L12552" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12536-L12552" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "091d00b0731f0a3d9917eee945249f001e4b5b1b603cad2fc21eed70ec86aa99" score = 75 quality = 90 @@ -23509,8 +23824,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F8777Aa866142Ad7120E5E1C9321E37 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12554-L12570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12554-L12570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ca3ff0c7192ba90932d35d053712816555dea051ce15d29a7ccf4e37da989899" score = 75 quality = 90 
@@ -23533,8 +23848,8 @@ rule REVERSINGLABS_Cert_Blocklist_4A7F07C5D4Ad2E23F9E8E03F0E229Dd4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12572-L12588" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12572-L12588" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6dc2bfac77117e294cacc772f7bfaea8b2e3caa26a0afd3729d517e91ca20ea5" score = 75 quality = 90 @@ -23557,8 +23872,8 @@ rule REVERSINGLABS_Cert_Blocklist_F5F9C8F8C33E4Ce84Dd48Fcb03Ccb075 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12590-L12608" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12590-L12608" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ac3bab3f5a93099f39b0862b419346d1eb3d0f75d86e121ba30626d496c46c57" score = 75 quality = 90 
@@ -23581,8 +23896,8 @@ rule REVERSINGLABS_Cert_Blocklist_57Fc55239F21F139978609E323097132 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12610-L12626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12610-L12626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "030bb847e524e672ee382e0284ba3f027920f60c70bbd153d4b9cdd2669e6a99" score = 75 quality = 90 @@ -23605,8 +23920,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eeefec4308Abe63323600E1608F5E6F2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12628-L12646" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12628-L12646" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "71ab4bd7e85155bfbc1612941c5f15c409629b116258c38b79bd808512df006a" score = 75 quality = 90 
@@ -23629,8 +23944,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ecd460Ce14Bd8Ef2926Da2Cd9A44176 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12648-L12664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12648-L12664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "58fa244c125415ef7a3cf0feb79add4db7c84f94c23e5d27e840fb17c18d67ef" score = 75 quality = 90 @@ -23653,8 +23968,8 @@ rule REVERSINGLABS_Cert_Blocklist_5E75E997F3D70Bb8C182D56B25B7D836 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12666-L12682" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12666-L12682" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a2c6a57759fb0717951f83a32c00deeae82cad772b6cb7f60fa96232b6b82560" score = 75 quality = 90 
@@ -23677,8 +23992,8 @@ rule REVERSINGLABS_Cert_Blocklist_D5690D94F15315E143Db10Af35497Dc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12684-L12702" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12684-L12702" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4ac17d0f0e4ef2bb5f6cda8e7cb07a641d49c83465a0a80c46ff6e0e752d1847" score = 75 quality = 90 @@ -23701,8 +24016,8 @@ rule REVERSINGLABS_Cert_Blocklist_8223C74185Add0927246F5E33Ebac467 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12704-L12722" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12704-L12722" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f700b4f7cdfda9f678c3a5259d4293640c50567ec277c5b3db69756534e2007f" score = 75 quality = 90 
@@ -23725,8 +24040,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dd9E9E1D7C573714E3F567C5380Ae6D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12724-L12742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12724-L12742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7bbcdb989d53bafbb2bdb694be72d4f7305323c01e8f1eafcb7cd889df165ff6" score = 75 quality = 90 @@ -23749,8 +24064,8 @@ rule REVERSINGLABS_Cert_Blocklist_3D5E71 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12744-L12760" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12744-L12760" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa73ac6569e4bb0084d7b148b2186ec2737a691a133319b21b666aa16bca9f2d" score = 75 quality = 90 
@@ -23773,8 +24088,8 @@ rule REVERSINGLABS_Cert_Blocklist_C33187Fe848A65E8484Ea492Cb2Cbb18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12762-L12780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12762-L12780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b66d67b74d73a143cb5301b232abd5f0f84f058223d4494b924a25dffb49037a" score = 75 quality = 90 @@ -23797,8 +24112,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Fc143Ba34Cabf1De7A4C7F8F4Cdad6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12782-L12798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12782-L12798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ffe25e4478a2245d4e5b330bb9300fb6cb48afb0fe3bd72bd62a589eeee3fe89" score = 75 quality = 90 
@@ -23821,8 +24136,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ac6268B2E431A2C1369346D175D0E30 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12800-L12816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12800-L12816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "27efaba9bd9cd116f640007c1e951bb77757efbe148b5f953e71d6621d7f16b2" score = 75 quality = 90 @@ -23845,8 +24160,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fc4D9178B8Df2C19E269Ac6F43Dd708 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12818-L12834" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12818-L12834" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "41dfe37b464d337268a8bb0e23124df7b50ab966038e8ad33bda81a4d86040ca" score = 75 quality = 90 
@@ -23869,8 +24184,8 @@ rule REVERSINGLABS_Cert_Blocklist_E01407871E2146C9Baab1Ae7Ab8Ab172 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12836-L12854" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12836-L12854" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1801e7f15bd5f916fc08d263a845d296d334ca9de1040008f619719c1b5c0a3b" score = 75 quality = 90 @@ -23893,8 +24208,8 @@ rule REVERSINGLABS_Cert_Blocklist_Effc6D19D6Fc85872E4E5B3Ccee6D301 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12856-L12874" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12856-L12874" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a746c4193f1264cb96eae0ea85c2c76b5caf3b72ca950f76af426b4d68d210b3" score = 75 quality = 90 
@@ -23917,8 +24232,8 @@ rule REVERSINGLABS_Cert_Blocklist_2F4A25D52B16Eb4C9Dfe71Ebbd8121Bb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12876-L12892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12876-L12892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7b237ae0574afeafcc05f71512c09d3170edbee20e512a1b0af5b431923dc25c" score = 75 quality = 90 @@ -23941,8 +24256,8 @@ rule REVERSINGLABS_Cert_Blocklist_6889Aab6202Bcc5F11Caedf4D04F435B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12894-L12910" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12894-L12910" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b2261ed8001929be8f80f73cc0c5076138f4794c73cbffd63773da5fc44639a8" score = 75 quality = 90 
@@ -23965,8 +24280,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Be63083Fbb1787B445Da97583721419 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12912-L12928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12912-L12928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f39f5a632544bc01c3b4c9e2f2dd33f7109c44375f54011a34181e10da79debc" score = 75 quality = 90 @@ -23989,8 +24304,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E2D3449272B6B96B8B9F728E87580D5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12930-L12946" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12930-L12946" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0155a8c71bf8426bbb980798772b04c145df5b8c4b60ff1a610a1236a47547ef" score = 75 quality = 90 
@@ -24013,8 +24328,8 @@ rule REVERSINGLABS_Cert_Blocklist_268C0D7028A154Ac3B6349C5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12948-L12964" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12948-L12964" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8311b36f008e31b7ac27b439fa46da4c90ab4be6c7c89426f8e1939963bc3d7d" score = 75 quality = 90 @@ -24037,8 +24352,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Daa8D629Cc0410A9482E62A0F8Bf8Fc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12966-L12982" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12966-L12982" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cfb2631bc1832f65fb9d77c812bf2a1e05121e825254bd57ae8b21e7b10b2344" score = 75 quality = 90 
@@ -24061,8 +24376,8 @@ rule REVERSINGLABS_Cert_Blocklist_9A727E200Ea76570 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L12984-L13002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L12984-L13002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "337dc486f2bdca1f7682887d5e5c0f82961850a8fd9c9a20b9a43a75334070d8" score = 75 quality = 90 @@ -24085,8 +24400,8 @@ rule REVERSINGLABS_Cert_Blocklist_0954A3C876Df9262Cde5817F9870F0C6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13004-L13020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13004-L13020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "164b064a9df31d4a122236dfee7b713417a44d47a7f304b2bf55686a7f038feb" score = 75 quality = 90 
@@ -24109,8 +24424,8 @@ rule REVERSINGLABS_Cert_Blocklist_3C30930E53Bb026F9A5D7440155F7118 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13022-L13038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13022-L13038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "260a58669043d21ee0ffccbdee95c9d04ef338497685d42f1951660f658a164d" score = 75 quality = 90 @@ -24133,8 +24448,8 @@ rule REVERSINGLABS_Cert_Blocklist_432Eefc0D4Dc0326Eb277A518Cc4310A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13040-L13056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13040-L13056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d5a0b7f19f66f18b5ef1c548276b675ead74fed6be94310c303bfad6c85f18be" score = 75 quality = 90 
@@ -24157,8 +24472,8 @@ rule REVERSINGLABS_Cert_Blocklist_470D6Ce21A6940320261F09E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13058-L13074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13058-L13074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cae1d381bf2018a0ce56feb245d01f2bfea55b67894264d32d78dbb41873c792" score = 75 quality = 90 @@ -24181,8 +24496,8 @@ rule REVERSINGLABS_Cert_Blocklist_7E6Bc7E5A49E2C28E6F5D042 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13076-L13092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13076-L13092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f378c490ff4f32fc095c822f75abac44a8d94327404cd97546c63e7441e07632" score = 75 quality = 90 
@@ -24205,8 +24520,8 @@ rule REVERSINGLABS_Cert_Blocklist_4C5020899147C850196C4Ebf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13094-L13110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13094-L13110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "112e834a24c50d639f8607740faa609f1a36539058357544e5dbcddf841f3116" score = 75 quality = 90 @@ -24229,8 +24544,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Efcf7Adc21F070E590D49Ddb8081397 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13112-L13128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13112-L13128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d60a5bbd50484d620ab60cfd40840abc541c2b7bc1005a9076b69ddd1b938652" score = 75 quality = 90 
@@ -24253,8 +24568,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cbd37C0A651913Ee25A6860D7D5Ccdf2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13130-L13148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13130-L13148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "77cc439aea6eaa5a835b6b1aa50904c1df0d5379228e424ab2d68a3cb654834c" score = 75 quality = 90 @@ -24277,8 +24592,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fe0Ad6B03C57Ab67A352159004Ca3Db : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13150-L13166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13150-L13166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6f2489421f2effa2089b744f7e137818935fe2339d9216a42686012c51da677b" score = 75 quality = 90 
@@ -24301,8 +24616,8 @@ rule REVERSINGLABS_Cert_Blocklist_642Ad8E5Ef8B3Ac767F0D5C1A999Bdaa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13168-L13184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13168-L13184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d42d40ca381b99b68a3384cecf585aab2acca66d4e13503d337b1605d587d0b5" score = 75 quality = 90 @@ -24325,8 +24640,8 @@ rule REVERSINGLABS_Cert_Blocklist_5333D3079D8Afda715703775E1389991 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13186-L13202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13186-L13202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "98bd9d35c4e196a11943826115ab495833f7ef1d95f9736cc24255d6dd4fd21c" score = 75 quality = 90 
@@ -24349,8 +24664,8 @@ rule REVERSINGLABS_Cert_Blocklist_139A7Ee1F1A7735C151089755Df5D373 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13204-L13220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13204-L13220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "86072fef7d1488dc257c3ca8fbb99620ec06f8ecb671b4e20d09d0ce6cc8601d" score = 75 quality = 90 @@ -24373,8 +24688,8 @@ rule REVERSINGLABS_Cert_Blocklist_74Dbe83082E1B3Dfa29F9C24 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13222-L13238" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13222-L13238" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1fdf6471d0b869df1a8630108cdaf1cc97d33e91d4726073913cdc54c7cf0042" score = 75 quality = 90 
@@ -24397,8 +24712,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A466553A6391Aafd181B400266C7B18 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13240-L13256" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13240-L13256" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cb21e5759887904d6a38cd1b363610ebc0bfd9a357050c602210468992815cbe" score = 75 quality = 90 @@ -24421,8 +24736,8 @@ rule REVERSINGLABS_Cert_Blocklist_0D3Dec8794Fa7228D1Ee40Eeb8187149 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13258-L13274" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13258-L13274" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "20084dc0b069d65755f859f5aef4be5599d1f066ba006199d3ce803b0d8f041e" score = 75 quality = 90 
@@ -24445,8 +24760,8 @@ rule REVERSINGLABS_Cert_Blocklist_24Af70B5D17A63Ad053E5821 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13276-L13292" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13276-L13292" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d78f709067c83169484d9dd6e1dd8a88852362da028551d4e55e5703a22e04a7" score = 75 quality = 90 @@ -24469,8 +24784,8 @@ rule REVERSINGLABS_Cert_Blocklist_402E9Fcba61E5Eaf9C0C7B3Bfd6259D9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13294-L13310" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13294-L13310" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1bfc2610745a98ebcf0f77504815d9d1c448697fbe407d6c2e075219b401de50" score = 75 quality = 90 
@@ -24493,8 +24808,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C84F9136059E96134F8766670Eacd52 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13312-L13328" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13312-L13328" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d6778630dcc3e4fe2816e6dee1b823e616f53de8a924057495c7c252948a71b4" score = 75 quality = 90 @@ -24517,8 +24832,8 @@ rule REVERSINGLABS_Cert_Blocklist_6716A9C195987D5Cfe53A094779461E7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13330-L13346" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13330-L13346" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "648fd70432a791b3e589f5eda1b1510045b465623914a9762ff3dfb4a3e022f8" score = 75 quality = 90 
@@ -24541,8 +24856,8 @@ rule REVERSINGLABS_Cert_Blocklist_876C00Bd665Df98B35554F67A5C1C32A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13348-L13366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13348-L13366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "90bde1313db78d4166e8c87e7e4111c576880922b1c983f3a842ea030d38a0da" score = 75 quality = 90 @@ -24565,8 +24880,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B093Cb60D4B992266F550934A4Ac7D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13368-L13384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13368-L13384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4b634bc706638d72f2d036d41cf092cac538e930d7d407eebc225b482fd64f51" score = 75 quality = 90 
@@ -24589,8 +24904,8 @@ rule REVERSINGLABS_Cert_Blocklist_2050B54146B011Ed30F60F61 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13386-L13402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13386-L13402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "74749317fcefcdb698046a6f42c6c6e05cc1eab1370b3b1fd7d025f49de4a032" score = 75 quality = 90 @@ -24613,8 +24928,8 @@ rule REVERSINGLABS_Cert_Blocklist_73E2F34C9C2435F29Bbe0A3C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13404-L13420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13404-L13420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "503429e737e8bdad735cf88e2bb2877d1f52b2c38be101a7a129c02db608a347" score = 75 quality = 90 
@@ -24637,8 +24952,8 @@ rule REVERSINGLABS_Cert_Blocklist_68C457D7495D2A8D0D7B9042836135C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13422-L13438" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13422-L13438" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3eb63f75f258eec611fa4288302f0ce5e47149ca876265a4a4b65dc33313aaa6" score = 75 quality = 90 @@ -24661,8 +24976,8 @@ rule REVERSINGLABS_Cert_Blocklist_6B72Ca367D40Fbef16E73E6Eba6A9A59 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13440-L13456" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13440-L13456" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b20c16dafcd891c36b28b36093cd3ad3a15f3795f0f2adda61fb0db2835d02d" score = 75 quality = 90 
@@ -24685,8 +25000,8 @@ rule REVERSINGLABS_Cert_Blocklist_736B7663D322533413F36E3E7E55F920 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13458-L13474" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13458-L13474" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "44e86319106a4bf8edba6c1be2f90d68b3d1ef4591f0cc23921a0dc4da4a407b" score = 75 quality = 90 @@ -24709,8 +25024,8 @@ rule REVERSINGLABS_Cert_Blocklist_54A170102461Fdc967Acfafe4Bbbc7F0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13476-L13492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13476-L13492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ddae18d566fa2fd077f51d0afff74fb8a8e525f88f23908c7402a4b2c092ad24" score = 75 quality = 90 
@@ -24733,8 +25048,8 @@ rule REVERSINGLABS_Cert_Blocklist_0C501B8B113209C96C8119Cf7A6B8B79 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13494-L13510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13494-L13510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dca37fda83650979566fb6ffbedaf713955a3c7f03ecc62e2e155475b7ca00e4" score = 75 quality = 90 @@ -24757,8 +25072,8 @@ rule REVERSINGLABS_Cert_Blocklist_0300Ee4A4C52443147821A8186D04309 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13512-L13528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13512-L13528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8476ece98427c1ffd99d820c25fe664397de2c393473f7d5ee0846d8d840fd9e" score = 75 quality = 90 
@@ -24781,8 +25096,8 @@ rule REVERSINGLABS_Cert_Blocklist_202Cf8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13530-L13546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13530-L13546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "671a4b522761fdff75d1c0c608e8cfb21c7ab538c8c30c8620315bc58ed358e6" score = 75 quality = 90 @@ -24805,8 +25120,8 @@ rule REVERSINGLABS_Cert_Blocklist_6651Cc8B4850D4Dec61961503Ea7956B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13548-L13564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13548-L13564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "29bfe9c8b340b55a9daa2644e8d55b2b783cc95c85541732e6e0decca8c10ff6" score = 75 quality = 90 
@@ -24829,8 +25144,8 @@ rule REVERSINGLABS_Cert_Blocklist_25Bef28467E4750331D2F403458113B8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13566-L13582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13566-L13582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dc59fdecf60f3781e92cfe8469be2e0c1cb1cfdd3e9f9757d159667437cb37f5" score = 75 quality = 90 @@ -24853,8 +25168,8 @@ rule REVERSINGLABS_Cert_Blocklist_0296Cf3314F434C5B74D0C3E36616Dd1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13584-L13600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13584-L13600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "acf3b7460c79fa71c1b131b26a40bbc286c9da0a5fe7071bbe8b386a3ca91de4" score = 75 quality = 90 
@@ -24877,8 +25192,8 @@ rule REVERSINGLABS_Cert_Blocklist_045D57D63E13775C8F812E1864797F5A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13602-L13618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13602-L13618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d3e61e9a43f5b17ebb08b71dc39648d1f20273a18214f39605f365f9f0f72c10" score = 75 quality = 90 @@ -24901,8 +25216,8 @@ rule REVERSINGLABS_Cert_Blocklist_6D633Df9Bb6015Fc3Ecea99Dff309Ee7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13620-L13636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13620-L13636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "84e2f427ee79b47db8d0e5f1e2217a7e1c1ea64047e01b4ea6db69f529501f36" score = 75 quality = 90 
@@ -24925,8 +25240,8 @@ rule REVERSINGLABS_Cert_Blocklist_22E2A66E63B8Cb4Ec6989Bf7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13638-L13654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13638-L13654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2099c508d1fd986f34f14aa396a5aaa136e2cdd2226099acdca9c14f6f6342eb" score = 75 quality = 90 @@ -24949,8 +25264,8 @@ rule REVERSINGLABS_Cert_Blocklist_654B406De388Ec2Aec253Ff2Ba4C4Bbd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13656-L13672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13656-L13672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a1aadaded55c8b0d85ac09ba9ab27fefaeec2969cdabaf26ff0c41bf33422ddc" score = 75 quality = 90 
@@ -24973,8 +25288,8 @@ rule REVERSINGLABS_Cert_Blocklist_78D1817Ebcf338B4E9C810F9740A726B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13674-L13690" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13674-L13690" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "62e59130ef0ac35b17a265bb8bc2031cac6a75c11925ccb21eb4601b8fbe1a63" score = 75 quality = 90 @@ -24997,8 +25312,8 @@ rule REVERSINGLABS_Cert_Blocklist_45Fbcdb1Fbd3D702Fb77257B45D8C58E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13692-L13708" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13692-L13708" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "441e10f49515d75ee9e8983ba4321377fee13a91ca5eeddc08b393136ce8ccfd" score = 75 quality = 90 
@@ -25021,8 +25336,8 @@ rule REVERSINGLABS_Cert_Blocklist_4B5D8Ed5Ca011679F141F124 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13710-L13726" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13710-L13726" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "39ff0d5fd711524ce181596033d1d51579cd086eb20b87722aebf39623bbaa17" score = 75 quality = 90 @@ -25045,8 +25360,8 @@ rule REVERSINGLABS_Cert_Blocklist_33671F1Bcbd0F5E231Fc386F4895000E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13728-L13744" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13728-L13744" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9199c8d76e3390ec9038808b4e88b803b3f3d6966af6206d0c9968d9ab673f31" score = 75 quality = 90 
@@ -25069,8 +25384,8 @@ rule REVERSINGLABS_Cert_Blocklist_32Bc299F0694C19Ec21E71265B1D7E17 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13746-L13762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13746-L13762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cb522e3084d382c451a8b040095e75582675f90dbb588e370f2f0054f4c2d14b" score = 75 quality = 90 @@ -25093,8 +25408,8 @@ rule REVERSINGLABS_Cert_Blocklist_7B75C6B0A09Afdb9787F6Dff75Ae7844 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13764-L13780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13764-L13780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8fd125a526b3433fbb8a5c6fa74ce0b0e2de8ff789880c355625d4140cd902a2" score = 75 quality = 90 
@@ -25117,8 +25432,8 @@ rule REVERSINGLABS_Cert_Blocklist_167Fd1295B3Bb102Dbb37292C838E7Cd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13782-L13798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13782-L13798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1cc7d441291fd9c4dc37320d411f94fb362523d47d37ab35c20b3ac9d4cd75cb" score = 75 quality = 90 @@ -25141,8 +25456,8 @@ rule REVERSINGLABS_Cert_Blocklist_253Ad25E39Abe8F8Fda9Fcf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13800-L13816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13800-L13816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1d46ccaa136cd7be30ffbf0eb09eb6485c543ff4bdbe99fa7ea3846841cbd41b" score = 75 quality = 90 
@@ -25165,8 +25480,8 @@ rule REVERSINGLABS_Cert_Blocklist_A9C1523Cb2C73A82771D318124963E87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13818-L13836" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13818-L13836" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "87e314d14361f56935b7a8fb93468cfaf2c73e16c25d68a61ec80ad9334d3115" score = 75 quality = 90 @@ -25189,8 +25504,8 @@ rule REVERSINGLABS_Cert_Blocklist_68E1B2C210B19Bb1F2A24176709B165B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13838-L13854" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13838-L13854" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8e88ad992c58d37ff1ac34e2d9cf121f3bc692ae78c0ad79140974abdec2f317" score = 75 quality = 90 
@@ -25213,8 +25528,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C88313Bd98Bde99C9B9Ac1408A63249 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13856-L13872" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13856-L13872" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f958e46e00bf4ab8ecf071502bcda63a84265029bc9c72cea1eaaf72e9003a84" score = 75 quality = 90 @@ -25237,8 +25552,8 @@ rule REVERSINGLABS_Cert_Blocklist_7A632A6Ecfc6C49Ec1F42F76 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13874-L13890" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13874-L13890" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "038badeab61c00476b79684308bf91f8a63716641f2be16fe0a3b25ebd3a9a1e" score = 75 quality = 90 
@@ -25261,8 +25576,8 @@ rule REVERSINGLABS_Cert_Blocklist_F57Df6A6Eee3854D513D0Ba8585049B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13892-L13910" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13892-L13910" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "09d5998960fb65eda56cd698c5ff50d87ba7a811cbb128bc7485c0f124e14cba" score = 75 quality = 90 @@ -25285,8 +25600,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Ac5Ac5D323122E6D8E92D6E191B1432 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13912-L13928" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13912-L13928" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d5e62d3cdfacfaea70f9ee11230501bb9c4099508077d50a2a143cb69476f02a" score = 75 quality = 90 
@@ -25309,8 +25624,8 @@ rule REVERSINGLABS_Cert_Blocklist_2433D9Df7Efbccb870Ee5904D62A0101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13930-L13946" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13930-L13946" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "92a2effe1b94345f52130e4cb1db181f1990e58eaefb9c74375c14249cc1be22" score = 75 quality = 90 @@ -25333,8 +25648,8 @@ rule REVERSINGLABS_Cert_Blocklist_462Baada57570F70Df76D10B9E7Bf2B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13948-L13964" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13948-L13964" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c48207907339ce3fb7b6bc630097761a24495a9d4e69d421f2bdb36ddc92abcb" score = 75 quality = 90 
@@ -25357,8 +25672,8 @@ rule REVERSINGLABS_Cert_Blocklist_83320D93Dd8Cf16D11F99B1078B0A7Cb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13966-L13984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13966-L13984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "94ec5e05357767cc0c4cd1fc8ff6d1a366359ba699c43f3710204d761e7e707f" score = 75 quality = 90 @@ -25381,8 +25696,8 @@ rule REVERSINGLABS_Cert_Blocklist_10Bae1D20Cb4Cc36A0Ffac86 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L13986-L14002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L13986-L14002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "44e91fbf4da8e81859a21408ee9f1971f1e8f48d22553fcaa6469156d4a0670b" score = 75 quality = 90 
@@ -25405,8 +25720,8 @@ rule REVERSINGLABS_Cert_Blocklist_230716Bfe915Dd6203B2E2A35674C2Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14004-L14020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14004-L14020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0197ff46ceb1017488da4383436fd0ddc375904f36cc16c5a8ef21d633ec387c" score = 75 quality = 90 @@ -25429,8 +25744,8 @@ rule REVERSINGLABS_Cert_Blocklist_36A77D37E68E02Fd3D043C7197E044Ca : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14022-L14038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14022-L14038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fc13ac5880cc2c8eac9ff8d09f6c5c2055b2de54d460a284936a4f6cd78192e8" score = 75 quality = 90 
@@ -25453,8 +25768,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Bff2Fb714F986C1707165F0B0F2E0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14040-L14056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14040-L14056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d79ab926cbc0049d39f5f4c6e57afc71b1a30311a4816fdb66a9c2e257cc84af" score = 75 quality = 90 @@ -25477,8 +25792,8 @@ rule REVERSINGLABS_Cert_Blocklist_33B24170694Ca0Cf4D2Bdf4Aadf475A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14058-L14074" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14058-L14074" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "795bcb46b41ded084e4d12d98e335748ec1db3e0abbbb2d933e819d955075138" score = 75 quality = 90 
@@ -25501,8 +25816,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A9Bdec10E00E780316Baaebfe7A772C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14076-L14092" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14076-L14092" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ea9bc11efd2969f6b7112338f2b084ea3551e072e46b1162bd47b08be549cdd4" score = 75 quality = 90 @@ -25525,8 +25840,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Cad9C37F7Affa8F4D8229F97607E265 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14094-L14110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14094-L14110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0f88989c64bece23e7eccf8022e038fdd9c360766de71268cf71616f74adc56c" score = 75 quality = 90 
@@ -25549,8 +25864,8 @@ rule REVERSINGLABS_Cert_Blocklist_098A57 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14112-L14128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14112-L14128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5e203f87dd4608ba5d583e02ce86fbe230e45fff86a7a697766e149d0cf6f436" score = 75 quality = 90 @@ -25573,8 +25888,8 @@ rule REVERSINGLABS_Cert_Blocklist_5389Cc6286Da3Bfa1Dc4Df498Bf68361 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14130-L14146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14130-L14146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d25d998c980f47f4da065155451503dcbc677ad041af85a6ed7060ecadec66b3" score = 75 quality = 90 
@@ -25597,8 +25912,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ed9Caeb7911B31Bd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14148-L14166" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14148-L14166" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "02cfdf883212387a465af3e692b29b8d0eb8249e0a260f18bec2f662d775b606" score = 75 quality = 90 @@ -25621,8 +25936,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Fd2B19A941B7009Cc728A37Cb1B10B9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14168-L14184" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14168-L14184" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6b5cc47f4df9e57c59bc66c32188e02390d4855a1b9e56bd7471fd641a245c3c" score = 75 quality = 90 
@@ -25645,8 +25960,8 @@ rule REVERSINGLABS_Cert_Blocklist_2D88C0Af1Fe2609961C171213C03Bd23 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14186-L14202" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14186-L14202" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2d181b9b517732f14d196c1a6c5661d8de4dbbfe6f120954dd3f9dcad00ff0fe" score = 75 quality = 90 @@ -25669,8 +25984,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E7Cc176062D91225Cfdcbdf5B5F0Ea5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14204-L14220" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14204-L14220" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1d2ffa7ec3559061432c2aff23f568cb580fb9093d0af7d8a6a0b91add89c9cc" score = 75 quality = 90 
@@ -25693,8 +26008,8 @@ rule REVERSINGLABS_Cert_Blocklist_Cecedd2Efc985C2Dbf0019669D270079 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14222-L14240" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14222-L14240" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1dfb5959db6929643126a850de84e54a84d7197518cde475c802987721b71020" score = 75 quality = 90 @@ -25717,8 +26032,8 @@ rule REVERSINGLABS_Cert_Blocklist_61Fe6F00Bd79684210534050Ff46Bc92 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14242-L14258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14242-L14258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e8ebc5de081e2d1e653493a2d85699ebfb5227b7fab656468025c2043903f597" score = 75 quality = 90 
@@ -25741,8 +26056,8 @@ rule REVERSINGLABS_Cert_Blocklist_0323Cc4E38735B0E6Efba76Ea25C73B7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14260-L14276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14260-L14276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "48bda7f61c9705ae70add3940f10d65fc7f7a776cec91a244f0e5bde07303831" score = 75 quality = 90 @@ -25765,8 +26080,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F9Aca069Ac1B6Bfb0E14861Ec857Bf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14278-L14294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14278-L14294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d7c9a471455768a00deeb73900bf80a98f0b2c9da1fd09d568e2998deaf404d2" score = 75 quality = 90 
@@ -25789,8 +26104,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E9D26Dcf703Ca3B140D7E7Ad48312E2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14296-L14312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14296-L14312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d8f70ba61509f3df34705bea0bfcb4cce3e92a33f0f1b65315d886eb5592f152" score = 75 quality = 90 @@ -25813,8 +26128,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E2523E76Ea455941E75Fb8240474A75 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14314-L14330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14314-L14330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e89f722345fda82fd894d34169d1463997ae1d567d46badbf3138faa04cf8fa4" score = 75 quality = 90 
@@ -25837,8 +26152,8 @@ rule REVERSINGLABS_Cert_Blocklist_6102468293Ba7308D17Efb43Ad6Bfb58 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14332-L14348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14332-L14348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c1ae1562595ac6515a071a16195b46db6fad4ee0fe9757d366ee78b914e1de7f" score = 75 quality = 90 @@ -25861,8 +26176,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Ded1A7Ff6Da152A98A57A2F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14350-L14366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14350-L14366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "20ec1e8e0570eb216304fd8453df315a26d9c170224177c325c10cbefc1993fb" score = 75 quality = 90 
@@ -25885,8 +26200,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ce65Ea057B975D2C17Eaf2C2297B1Eb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14368-L14384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14368-L14384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e17988cb2503e285cfe2ea74d7bc61c577d828e14fd5d8d8062e469dc75c449e" score = 75 quality = 90 @@ -25909,8 +26224,8 @@ rule REVERSINGLABS_Cert_Blocklist_5D085A9A288549D09Edc4941 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14386-L14402" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14386-L14402" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dff7c2d727acca753b030d05028590e1a5577121bb2b4c0dcfcb70b4c9d77cbf" score = 75 quality = 90 
@@ -25933,8 +26248,8 @@ rule REVERSINGLABS_Cert_Blocklist_7D20Dec3797A1Ac30649Ebb184265B79 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14404-L14420" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14404-L14420" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "78c0575a1c9ecf37ef5bac0612c20f96b8641875b0ba786979adc8a77f001a5e" score = 75 quality = 90 @@ -25957,8 +26272,8 @@ rule REVERSINGLABS_Cert_Blocklist_187D92861076E469B5B7A19E2A9Fd4Ba : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14422-L14438" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14422-L14438" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7383a7fb31a0a913dff1740015ff702642fbb41d8e5a528a8684c80e66026e9d" score = 75 quality = 90 
@@ -25981,8 +26296,8 @@ rule REVERSINGLABS_Cert_Blocklist_199A9476Feca3C004Ff889D34545De07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14440-L14456" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14440-L14456" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "39c6efefcbd78d5e08ffd8d3989cab3bdf273a1847b2a961f9e68c9ee95e85b6" score = 75 quality = 90 @@ -26005,8 +26320,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Efe65 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14458-L14474" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14458-L14474" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f849b6899b6766807cfddf99ecb809fe923f35f04de09b62235da352ce6e6e24" score = 75 quality = 90 
@@ -26029,8 +26344,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Af7E2B6A3Deb99291Dcaf66 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14476-L14492" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14476-L14492" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "270b5655a0f54abceb520eaca714ed4f6d4de720883e2759acd5bb2f027dfd2b" score = 75 quality = 90 @@ -26053,8 +26368,8 @@ rule REVERSINGLABS_Cert_Blocklist_45E27C4Dfa5E6175566A13B1B6Ddf3F5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14494-L14510" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14494-L14510" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9bcbb84207984b259463482f094bf0f3815f0d74317b6b864dab44769ff5e7e8" score = 75 quality = 90 
@@ -26077,8 +26392,8 @@ rule REVERSINGLABS_Cert_Blocklist_37D36A4E61C0Ac68Ceb8Bfcef2Dbf283 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14512-L14528" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14512-L14528" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "41e126600aae5646b808ed0a4294faa9a63e47842e9cde4fee9e5e65919af7ee" score = 75 quality = 90 @@ -26101,8 +26416,8 @@ rule REVERSINGLABS_Cert_Blocklist_4321De10738278B93683Ca542407F103 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14530-L14546" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14530-L14546" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2787375605310877891ef924268f4660d1c8aa020e00674c1b1d7eb3c4f5b2fb" score = 75 quality = 90 
@@ -26125,8 +26440,8 @@ rule REVERSINGLABS_Cert_Blocklist_2A6B2Df210Be14F4E18E10C7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14548-L14564" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14548-L14564" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24ae1664c35b7947e2e638bf620d9ab572c70df9cdc1403cc00b422a45ff9194" score = 75 quality = 90 @@ -26149,8 +26464,8 @@ rule REVERSINGLABS_Cert_Blocklist_412Ab2A50E8028Ddcbc499Ddf45F2045 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14566-L14582" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14566-L14582" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a5b85d13dee51d68af28394ecee3dcc2efe7add4d26c2a8033d1855b33ac6271" score = 75 quality = 90 
@@ -26173,8 +26488,8 @@ rule REVERSINGLABS_Cert_Blocklist_0747F6A8C3542F954B113Fd98C7607Cf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14584-L14600" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14584-L14600" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9d5e5c98f3ef372532cfc4f544d5d3f620dc2e49d8b6e1c96df29d2a38042019" score = 75 quality = 90 @@ -26197,8 +26512,8 @@ rule REVERSINGLABS_Cert_Blocklist_2572B484Fa0A61Be7288D785D7Bda7D3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14602-L14618" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14602-L14618" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d6b23ba706a640a1e76ad7ab0a70c845c9366ac8355eea5439f76f6993c9c6be" score = 75 quality = 90 
@@ -26221,8 +26536,8 @@ rule REVERSINGLABS_Cert_Blocklist_6726Bd04204746C46857887F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14620-L14636" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14620-L14636" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "11d25dff7e05e6f97725e919cc6c978d7f2e64a91cf04b72461c71d592dfc2dc" score = 75 quality = 90 @@ -26245,8 +26560,8 @@ rule REVERSINGLABS_Cert_Blocklist_4463D8B31E0F87C14233D4D0D2C487A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14638-L14654" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14638-L14654" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "04ce664fceb4a617294e860d5364d8a4ce8e055fd2baebb8be69f258d9c70ac7" score = 75 quality = 90 
@@ -26269,8 +26584,8 @@ rule REVERSINGLABS_Cert_Blocklist_387982605E542D6D52F231Ca6F5657Cc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14656-L14672" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14656-L14672" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d55cfd45bc0d330c0ed433a882874e4633ffbaa0d68288bea9058fe269d75ed9" score = 75 quality = 90 @@ -26293,8 +26608,8 @@ rule REVERSINGLABS_Cert_Blocklist_E0134C41E7Eda6863C4Eee5B003976Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14674-L14692" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14674-L14692" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fbe34baf52e3fa7d7cdfcfaef9b8851c4cbeb46d17eeade61750e59cf0c13291" score = 75 quality = 90 
@@ -26317,8 +26632,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B47A4739Dd8Ffe81D9B5307 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14694-L14710" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14694-L14710" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5f35f520d4af26fa648553894a5b0db043d0c32302d94f531b6cb48691396a92" score = 75 quality = 90 @@ -26341,8 +26656,8 @@ rule REVERSINGLABS_Cert_Blocklist_4F5A9Bf75Da76B949645475473793A7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14712-L14728" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14712-L14728" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8c58d30b1b6ef80409d9da5f5f4bc26a8818b01cc388b5966c8b68ed0e4c5a2a" score = 75 quality = 90 
@@ -26365,8 +26680,8 @@ rule REVERSINGLABS_Cert_Blocklist_081Df56C9A48D02571F08907 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14730-L14746" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14730-L14746" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "25d91f09e0731ab09a05855442b72589eb30e1c7d5e4c0a7af760eea540d786f" score = 75 quality = 90 @@ -26389,8 +26704,8 @@ rule REVERSINGLABS_Cert_Blocklist_77D5C1A3E623575999C74409Dc19753C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14748-L14764" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14748-L14764" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "54921ce39a0876511b33ac6fa088c3342e2ea7fa037423fe72825bfe9c83bce6" score = 75 quality = 90 
@@ -26413,8 +26728,8 @@ rule REVERSINGLABS_Cert_Blocklist_E9756B3F38B1172Ea89Fdbdfdba5F979 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14766-L14784" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14766-L14784" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "997a9433f907896d82f22ae323bf9cfe9aa04a2a49c5505e98adbb34277fcc15" score = 75 quality = 90 @@ -26437,8 +26752,8 @@ rule REVERSINGLABS_Cert_Blocklist_09Fb28 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14786-L14802" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14786-L14802" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5ed65d33b73977e869460ba51271aff94811fa2f41e4a2993c47233add2f38dd" score = 75 quality = 90 
@@ -26461,8 +26776,8 @@ rule REVERSINGLABS_Cert_Blocklist_197Dc32D915458953562D2Fe78Bf2468 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14804-L14820" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14804-L14820" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e61284a74765592fe97b90ca1c260efa46ea31286e6d09ab32d6c664b8271f2a" score = 75 quality = 90 @@ -26485,8 +26800,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C0Be3D14787351E3156F5F37F2B3663 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14822-L14838" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14822-L14838" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "66c2cd84fccedd2afef00495c49d0c2844e2e5e190e6a859d2970e8ddb4a35c2" score = 75 quality = 90 
@@ -26509,8 +26824,8 @@ rule REVERSINGLABS_Cert_Blocklist_05054Fdea356F3Dd7Db479Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14840-L14856" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14840-L14856" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "02ec52e060a6b8b3edfad0a1f5b1f2d6c409645d5233612d0d353ad74bcd4568" score = 75 quality = 90 @@ -26533,8 +26848,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Aaa069E92517F21Ce67Ca713F6Ea63 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14858-L14874" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14858-L14874" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "28ad7e9c75a701425003cde4a7eb10fa471394628cd5004412778d8d7cddb50b" score = 75 quality = 90 
@@ -26557,8 +26872,8 @@ rule REVERSINGLABS_Cert_Blocklist_1B7B54E0Dd4D7E45A0B46834De52658D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14876-L14892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14876-L14892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5febbce8c39440bfc4846f509f0b1dd4f71a8b4dc24fa18afb561d26e53c2446" score = 75 quality = 90 @@ -26581,8 +26896,8 @@ rule REVERSINGLABS_Cert_Blocklist_B63E4299D0B0E2Dcdaeb976167A23235 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14894-L14912" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14894-L14912" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "da7415d0bc0245dea6a4ec325da5140c79c723c20fb7c04ff14f59a3089a5c88" score = 75 quality = 90 
@@ -26605,8 +26920,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Dabae616705F5A51152Eac48423F354 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14914-L14930" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14914-L14930" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0bb14ececa3a78e1a2e71cfdee8bc57678251b15151d156ef5fa754b2438ee35" score = 75 quality = 90 @@ -26629,8 +26944,8 @@ rule REVERSINGLABS_Cert_Blocklist_50D08F3C9Bf86Fba52Cf592B4Fe6Eacf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14932-L14948" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14932-L14948" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ca613e4b45b9bb1ef7564b9fc6321bccc0f683298de692a3db2bf841db9010ef" score = 75 quality = 90 
@@ -26653,8 +26968,8 @@ rule REVERSINGLABS_Cert_Blocklist_7C7Fc3616F3157A28F702Cc1Df275Dcd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14950-L14966" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14950-L14966" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c2dcea21c7a3e3aef6408f11c23edbce6d8f655f298654552a607a9b0caabb28" score = 75 quality = 90 @@ -26677,8 +26992,8 @@ rule REVERSINGLABS_Cert_Blocklist_73Ed1B2F4Bf8Dd37A8Ad9Bb775774592 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14968-L14984" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14968-L14984" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "69865935e07ea255a5d690e170911b33574ea61550b00bebc2ceff91ba9a33da" score = 75 quality = 90 
@@ -26701,8 +27016,8 @@ rule REVERSINGLABS_Cert_Blocklist_211B5Dfe65Bc6F34Bc9D3A54 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L14986-L15002" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L14986-L15002" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cf2e4c0dd98efb77c28b63641196c83e60afc0d6ab64802743c351581506dbb5" score = 75 quality = 90 @@ -26725,8 +27040,8 @@ rule REVERSINGLABS_Cert_Blocklist_5400D1C1406528B1Ef625976 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15004-L15020" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15004-L15020" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fbdd37e050d68c4287e897f050a673aea071df105a35b07475d3233da3f03feb" score = 75 quality = 90 
@@ -26749,8 +27064,8 @@ rule REVERSINGLABS_Cert_Blocklist_013472D7D665557Bfa0Dc21B350A361B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15022-L15038" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15022-L15038" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ab908ef0fca56753bcba8bc85e2fdf5859b4e226c179ec5c6eb6eb3dc4014a8e" score = 75 quality = 90 @@ -26773,8 +27088,8 @@ rule REVERSINGLABS_Cert_Blocklist_66C758A22Bfbbce327616815616Ddd07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15040-L15056" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15040-L15056" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "37f0f64e2d84ef6591e1f07a05abca35b37827d26c828269fb5f38d8546a60a7" score = 75 quality = 90 
@@ -26797,8 +27112,8 @@ rule REVERSINGLABS_Cert_Blocklist_E61B0366D940896430Bcfe3E93Baac5B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15058-L15076" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15058-L15076" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1b1fd0c2237446ab22c7359d1e89d822a4b9b6ad345447740154d7d52635c2ea" score = 75 quality = 90 @@ -26821,8 +27136,8 @@ rule REVERSINGLABS_Cert_Blocklist_6294B8Acc35Dea7D32A95Ac5D4536F8F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15078-L15094" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15078-L15094" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ac92ff8e533121071a620ca5280ae66629576f9c4af9831ddac5bb487e4348af" score = 75 quality = 90 
@@ -26845,8 +27160,8 @@ rule REVERSINGLABS_Cert_Blocklist_485E4626C32493C16283Cfd9E30D17Ad : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15096-L15112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15096-L15112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "faf860786e8473493d24abf6e61cf0b906e98d786516be6d2098181368214020" score = 75 quality = 90 @@ -26869,8 +27184,8 @@ rule REVERSINGLABS_Cert_Blocklist_D0312F9177Cd46B943Df3Ef22Db4608B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15114-L15132" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15114-L15132" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2eb955e91c927980cee031c6284e48bad315e891c32cdaf41b844090e841c44d" score = 75 quality = 90 
@@ -26893,8 +27208,8 @@ rule REVERSINGLABS_Cert_Blocklist_202702 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15134-L15150" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15134-L15150" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bc097e97c1c4c4a71cbf66be811636fecfa23682cb2cc47ab1fcd680a646fb14" score = 75 quality = 90 @@ -26917,8 +27232,8 @@ rule REVERSINGLABS_Cert_Blocklist_369A02E5D90B2649040E7F87 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15152-L15168" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15152-L15168" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e2a2e231914f166410580a42ca9d4aac18c5cba94d1f11d22e7acd6d375851d8" score = 75 quality = 90 
@@ -26941,8 +27256,8 @@ rule REVERSINGLABS_Cert_Blocklist_60497070Ff4A83Bc87Bdea24Da5B431D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15170-L15186" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15170-L15186" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "30998e3f5299a37cdee83b1232249b84dbb3c154ef99237da5ce1b16f9db5da3" score = 75 quality = 90 @@ -26965,8 +27280,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A333E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15188-L15204" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15188-L15204" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f76d21e0ae2cf9b28825c813fc509d533c10aba38f8f0c2884365047c1272c1f" score = 75 quality = 90 
@@ -26989,8 +27304,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cb6519B2528D006D1Da987153Dad2B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15206-L15222" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15206-L15222" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "776402fc3a7de4843373bc1981f965fe9c2a9f1fe2374b142a96952fd05a591b" score = 75 quality = 90 @@ -27013,8 +27328,8 @@ rule REVERSINGLABS_Cert_Blocklist_621E696C3A6371E77A678Cbf0Ee34Ab2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15224-L15240" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15224-L15240" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "67c9fd92681d6dd1172509113e167e74e07f1f86fd62456758b3e3930180b528" score = 75 quality = 90 
@@ -27037,8 +27352,8 @@ rule REVERSINGLABS_Cert_Blocklist_21B991 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15242-L15258" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15242-L15258" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "54ca9b19adfc9357a3fb74f0670ad929319c4d06a7de7ae400f8285a31052276" score = 75 quality = 90 @@ -27061,8 +27376,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Cc37De5Dbed097F98F56Dbc : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15260-L15276" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15260-L15276" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a2d04275b9fe37308c8f1dca75f4cc3c4a8985930f901e1f46e3ddc2977eea32" score = 75 quality = 90 
@@ -27085,8 +27400,8 @@ rule REVERSINGLABS_Cert_Blocklist_50F66Ab0D7Ed19B69D48F635E69572Fa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15278-L15294" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15278-L15294" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "28f71c0572e769d4a0cb289071912bc79cddfd98a3a8161c5400c7bee7090bf5" score = 75 quality = 90 @@ -27109,8 +27424,8 @@ rule REVERSINGLABS_Cert_Blocklist_11212F502836A784752160351Defb136Cf09 : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15296-L15312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15296-L15312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "63d4c1aaafdf6de14d0ae78035644cf6b0fefab8b0063d2566ca38af9f9498d2" score = 75 quality = 90 
@@ -27133,8 +27448,8 @@ rule REVERSINGLABS_Cert_Blocklist_2C16Be9A7Ce2A23Ab7A4B4Eb7Da3400C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15314-L15330" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15314-L15330" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "917f324cbe91718efc9b2f41ef947fa8f1a501dde319936774d702d57b1e6b37" score = 75 quality = 90 @@ -27157,8 +27472,8 @@ rule REVERSINGLABS_Cert_Blocklist_22Accad235Fb1Ac7422Ebe5Ea7Ac9Bc5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15332-L15348" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15332-L15348" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b348c502aeae036f6d17283260ed4479427f89c8c25f2b6d59e137e90694dbe4" score = 75 quality = 90 
@@ -27181,8 +27496,8 @@ rule REVERSINGLABS_Cert_Blocklist_4D29757C4Fbfc32B97091D96E3723002 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15350-L15366" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15350-L15366" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "78ede4b02cb1b07500cd0c4f1f33da598938940d0f58430edda00d79b19b16a5" score = 75 quality = 90 @@ -27205,8 +27520,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A949Ef03D9Dd2D150B24B274Ff6D7B4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15368-L15384" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15368-L15384" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "88c63a921a300e1b985d084c3ab1a2485713b4c674dafd419d092e5562f121d7" score = 75 quality = 90 
@@ -27229,8 +27544,8 @@ rule REVERSINGLABS_Cert_Blocklist_954D0577D5Ce8999E0387A5364829F66 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15386-L15404" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15386-L15404" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "84ddc08a0a55200f644778a0e3482f15e82d74c524f12a7ad91b1c3d4acfc731" score = 75 quality = 90 @@ -27253,8 +27568,8 @@ rule REVERSINGLABS_Cert_Blocklist_Df5121Dc99D1Ab6B7E5229F6832123Ef : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15406-L15424" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15406-L15424" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3b5e5b81890f1dea3dc0858cade54e7f88a21861818be79c3e7fba066f80d491" score = 75 quality = 90 
@@ -27277,8 +27592,8 @@ rule REVERSINGLABS_Cert_Blocklist_760Cef386B63406751Ae83A9Eae92342 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15426-L15442" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15426-L15442" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "43b56736afe081a1215db67b933413d7fbafbfc1be8213b330668578921ebca7" score = 75 quality = 90 @@ -27301,8 +27616,8 @@ rule REVERSINGLABS_Cert_Blocklist_5C2625Fa836A64F4882C56Cc7A45F0Ed : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15444-L15460" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15444-L15460" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "85e187684d62c33ef6f69323b837ef2d44facab8278b512d7bd6afd49eaed976" score = 75 quality = 90 
@@ -27325,8 +27640,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Df6Fa580F84493C414Ee0E431086737 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15462-L15478" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15462-L15478" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ef244587c9eb1e1cb2f8a9c161e5dd9ff70e9764586f16e011334400ee400ed9" score = 75 quality = 90 @@ -27349,8 +27664,8 @@ rule REVERSINGLABS_Cert_Blocklist_309D2E115F1Fe2993Ee2E063 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15480-L15496" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15480-L15496" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "15fdb95fe5429cdc0263615c2b7c90d21f37b52954c5ce568c1293cd3a544730" score = 75 quality = 90 
@@ -27373,8 +27688,8 @@ rule REVERSINGLABS_Cert_Blocklist_90E33C1068F54913315B6Ce9311141B9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15498-L15516" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15498-L15516" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4a97171c6dfaa8d249ab0be1ce264b596d266ff4697d869a4d1f90cc0e2c49b7" score = 75 quality = 90 @@ -27397,8 +27712,8 @@ rule REVERSINGLABS_Cert_Blocklist_3F15C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15518-L15534" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15518-L15534" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "03ea946fa99ed7a6ab23cb26dbf514b6c062d63371c9e2a5ddf999acd1954955" score = 75 quality = 90 
@@ -27421,8 +27736,8 @@ rule REVERSINGLABS_Cert_Blocklist_285Eccbd1D0000E640B84307Ef88Cd9F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15536-L15552" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15536-L15552" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "267df1c327b65938b2b82a53ec8345290659560c69c9a70f2866fe7bd73513a7" score = 75 quality = 90 @@ -27445,8 +27760,8 @@ rule REVERSINGLABS_Cert_Blocklist_55Ab71A3F9Dde3Ef20C788Dd1D5Ff6C3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15554-L15570" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15554-L15570" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4bee740eaf359462cd85c6232160c6b1fc3df67acfe731da9978f0b8a304a93f" score = 75 quality = 90 
@@ -27469,8 +27784,8 @@ rule REVERSINGLABS_Cert_Blocklist_4Beca26210737A5442Ff8B47 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15572-L15588" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15572-L15588" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7a1130413ae8807dc1ec96a6b1c3bac705a1520f7268db2848b997f6f3f9fc9b" score = 75 quality = 90 @@ -27493,8 +27808,8 @@ rule REVERSINGLABS_Cert_Blocklist_0F203839A9C63B8798A7Cb31 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15590-L15606" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15590-L15606" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "604ba3fa671cc98e42caf80d07bc9650d193f898413517b46482f183b0f7008a" score = 75 quality = 90 
@@ -27517,8 +27832,8 @@ rule REVERSINGLABS_Cert_Blocklist_Dc992Ea8E6Bb4926931Df656D5Eef8A0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15608-L15626" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15608-L15626" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b261624677a1c4a1ef539106bedcef30f272fda3d833d4c8095e9797d592e1f" score = 75 quality = 90 @@ -27541,8 +27856,8 @@ rule REVERSINGLABS_Cert_Blocklist_41Bd49Bb456644D8183B3Dae72Ec8F22 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15628-L15644" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15628-L15644" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0516af7b27d244f21c9cea62fe599725d412e385e34f5f3f4f618d565365d321" score = 75 quality = 90 
@@ -27565,8 +27880,8 @@ rule REVERSINGLABS_Cert_Blocklist_A8D40Da6708679C08Aebddea6D3F6B8A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15646-L15664" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15646-L15664" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "27ec32791eaeccb8aa95d023c4fc8943f0435c32d8a17bde98d7d0b02ba17e59" score = 75 quality = 90 @@ -27589,8 +27904,8 @@ rule REVERSINGLABS_Cert_Blocklist_307642E1F3A92C6Cc2E7Fb6E18F2Ddcb : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15666-L15682" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15666-L15682" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8c96fbd10672b0b258a80f3abaf0320540c5ff0a4636f011cfe7cfa8ccc482d0" score = 75 quality = 90 
@@ -27613,8 +27928,8 @@ rule REVERSINGLABS_Cert_Blocklist_52379131A1C69263C795A7D398Db0997 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15684-L15700" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15684-L15700" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "245e994024e08add755ec704b895286c115ac00eb5aeecde98fce96f35f6e9e0" score = 75 quality = 90 @@ -27637,8 +27952,8 @@ rule REVERSINGLABS_Cert_Blocklist_44312Cb9A927B4111360762B4D4Bdd6D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15702-L15718" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15702-L15718" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8e34636ed815812af478dd01eacd5298fa2cfeb420ee2f45e055f557534cae71" score = 75 quality = 90 
@@ -27661,8 +27976,8 @@ rule REVERSINGLABS_Cert_Blocklist_123A5074069162F4Ed68Fc7D48F464C2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15720-L15736" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15720-L15736" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f55835c7404edab96bc5c8fe3844f3380f1f6bc8b43da1d51213de899629e8f5" score = 75 quality = 90 @@ -27685,8 +28000,8 @@ rule REVERSINGLABS_Cert_Blocklist_64Eb04B8Def382B5Efa75F63E0E85Ad0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15738-L15754" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15738-L15754" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "03adb8a9bf2a8f0633b34d5c39816b47e60b9e598208f7de79ad9d9a7ab8cc5e" score = 75 quality = 90 
@@ -27709,8 +28024,8 @@ rule REVERSINGLABS_Cert_Blocklist_76D8D908Eed2F9857Dc5676A680Ceac9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15756-L15772" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15756-L15772" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "87f9930967d5832d3003672eeb89669b54feed1ca2ea5eec478c50e3cb7a7571" score = 75 quality = 90 @@ -27733,8 +28048,8 @@ rule REVERSINGLABS_Cert_Blocklist_083E3F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15774-L15790" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15774-L15790" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6977d48a2e31235d780cba1b84b39a90e409ee8ea5555e01cbc34989ecd3882d" score = 75 quality = 90 
@@ -27757,8 +28072,8 @@ rule REVERSINGLABS_Cert_Blocklist_79227311Acdd575759198Dbd3544Cca7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15792-L15808" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15792-L15808" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "73e920d51faf7150329ce189d1693c29a2285a02d54fee27e5af5afe3238295b" score = 75 quality = 90 @@ -27781,8 +28096,8 @@ rule REVERSINGLABS_Cert_Blocklist_13Ae38C9Ae21A8576C0D024D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15810-L15826" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15810-L15826" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7be892eaf9e2e31442f7ef5ffd296dd17696d6c95d20eb2758ede2c553b05f38" score = 75 quality = 90 
@@ -27805,8 +28120,8 @@ rule REVERSINGLABS_Cert_Blocklist_557B0Abf44045827F1F36Efbc96271Ec : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15828-L15844" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15828-L15844" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "633e8d6b44d62443d991738fa82b9742ac5634051bba5d0cdb3d6b35d66bdc8f" score = 75 quality = 90 @@ -27829,8 +28144,8 @@ rule REVERSINGLABS_Cert_Blocklist_7903870184E18A80899740845A15E2B2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15846-L15862" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15846-L15862" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ad32491b463d0b3b4c85ed78e81bb69802e5f90ae835f73e270b28f02b36f840" score = 75 quality = 90 
@@ -27853,8 +28168,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Fba9B373F812C16Aef531D4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15864-L15880" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15864-L15880" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8b7340359778e3aa56f6ea300973af74eb77efd54108d2ca2b6b8f04d89a1c39" score = 75 quality = 90 @@ -27877,8 +28192,8 @@ rule REVERSINGLABS_Cert_Blocklist_616A5205238590B01D7B761E444E4Ad9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15882-L15898" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15882-L15898" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "463ccd3ace9021569a7a6d5fcbaadf34b15d2b07baf3df526b271b547cf2bbc5" score = 75 quality = 90 
@@ -27901,8 +28216,8 @@ rule REVERSINGLABS_Cert_Blocklist_29Be2278113Dd062Eadca32De6B242D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15900-L15916" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15900-L15916" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3df7afba9eda9022a64647ce2a91119d0bdf6fe5b164a1e82b1819409024fbee" score = 75 quality = 90 @@ -27925,8 +28240,8 @@ rule REVERSINGLABS_Cert_Blocklist_05F70A557Afd4A443F44D0Baf0Bc8C60 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15918-L15934" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15918-L15934" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3945f515b65ca3ffb6c2b64c884bb2790d703a277e1a5ba128c81bc63ed20a25" score = 75 quality = 90 
@@ -27949,8 +28264,8 @@ rule REVERSINGLABS_Cert_Blocklist_4E0665D61997072294A70C662F72Eae3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15936-L15952" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15936-L15952" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f07cdfd522db0a92fe1dba30f158b2c89bb5424bdcdfda50ae42fcfddeac19ba" score = 75 quality = 90 @@ -27973,8 +28288,8 @@ rule REVERSINGLABS_Cert_Blocklist_74702Dff5D4056B847D009A2265Fb1B3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15954-L15970" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15954-L15970" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8acc57bbf334a48043dbee6fab7b7a54a44801b2ccd0ccd9d14194689c75c021" score = 75 quality = 90 
@@ -27997,8 +28312,8 @@ rule REVERSINGLABS_Cert_Blocklist_353B1Cf7866Ee0B0Acdd532D0Bb1A220 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15972-L15988" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15972-L15988" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa8f0fe1517134b6e562c2accc46420a4f0afd77c3a7bbe98d551c54e68ed4c7" score = 75 quality = 90 @@ -28021,8 +28336,8 @@ rule REVERSINGLABS_Cert_Blocklist_093Ff2870Fa33Eaf47259457Ee58C2E0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L15990-L16006" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L15990-L16006" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1aafe547b8645f07498bac6f0ffd6d5aefbac160aa7a6fb8d1d891e70701ce99" score = 75 quality = 90 
@@ -28045,8 +28360,8 @@ rule REVERSINGLABS_Cert_Blocklist_719C17A823839Dca813Ee85888B3B39A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16008-L16024" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16008-L16024" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a160ada48048e11632082e7538459554d77d31539e53709cd897f3c454af8236" score = 75 quality = 90 @@ -28069,8 +28384,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Dc86Ebf5863568E2237B2D89582D705 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16026-L16042" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16026-L16042" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f24cdf890bd0b51a83ca333c37bc22068ab1f7e7ef36b36d94a133773097bd37" score = 75 quality = 90 
@@ -28093,8 +28408,8 @@ rule REVERSINGLABS_Cert_Blocklist_214Df59Fe53874Cc011Dd45727035F51 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16044-L16060" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16044-L16060" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "96269f41f82621aee029f343acfce70c781bf7713588dfe78fac35a3d1d3f7cd" score = 75 quality = 90 @@ -28117,8 +28432,8 @@ rule REVERSINGLABS_Cert_Blocklist_37Ca4F66Fdcc8732992723199859886C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16062-L16078" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16062-L16078" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "190dffc36c17c27c43337d7914683b7bab3ff18a50de5278ed2a66f04b9e395d" score = 75 quality = 90 
@@ -28141,8 +28456,8 @@ rule REVERSINGLABS_Cert_Blocklist_Be2F22C152Bb218B898C4029056816A9 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16080-L16098" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16080-L16098" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cd99e4d97d9a60f409cf072bbae254486c307ae3cb6e34c5cd9648c972615f36" score = 75 quality = 90 @@ -28165,8 +28480,8 @@ rule REVERSINGLABS_Cert_Blocklist_Fc7065Abf8303Fb472B8Af85918F5C24 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16100-L16118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16100-L16118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f57ae32d7efd9cd4c0a207897e30b871dc32405c5b9ad844c9bb7eee4827cc5a" score = 75 quality = 90 
@@ -28189,8 +28504,8 @@ rule REVERSINGLABS_Cert_Blocklist_698Ff388Adb50B88Afb832E76B0A0Ad1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16120-L16136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16120-L16136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b29bc69c8fd9543dba8f7d2a18d52b1bcbb8a8ae6f553d8b232ca74709b9addc" score = 75 quality = 90 @@ -28213,8 +28528,8 @@ rule REVERSINGLABS_Cert_Blocklist_391Ae38670Ab188A5De26E07 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16138-L16154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16138-L16154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f7ccfadab650ae3b6f950c9d1b35f86aa4a4e6c05479c014ab18881a405678f0" score = 75 quality = 90 
@@ -28237,8 +28552,8 @@ rule REVERSINGLABS_Cert_Blocklist_D08D83Ff118Df3777E371C5C482Cce7B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16156-L16174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16156-L16174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5fdaf01c6a23057ab976e3ad2a8b40558b16693161410b0f30d7b884de7e3985" score = 75 quality = 90 @@ -28261,8 +28576,8 @@ rule REVERSINGLABS_Cert_Blocklist_06Ce209477F1Ac19A2049Bdc5846A831 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16176-L16192" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16176-L16192" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24474c4033a8cad1690160da64b75a1eec570f56e830967256c19574bde59384" score = 75 quality = 90 
@@ -28285,8 +28600,8 @@ rule REVERSINGLABS_Cert_Blocklist_447F449121B883211663B7B7E2Ead868 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16194-L16210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16194-L16210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f473a939d1a27cf53c09d0e4a3753a9444ae3674a55d5b0feafeef6b75dd487f" score = 75 quality = 90 @@ -28309,8 +28624,8 @@ rule REVERSINGLABS_Cert_Blocklist_6366A9Ac97Df4De17366943C9B291Aaa : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16212-L16228" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16212-L16228" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dcdfb78d4d779b1cabcdf5b2da1fa27aaa9faaed4d4967630ce45f30304fe227" score = 75 quality = 90 
@@ -28333,8 +28648,8 @@ rule REVERSINGLABS_Cert_Blocklist_66E3F0B4459F15Ac7F2A2B44990Dd709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16230-L16246" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16230-L16246" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a563f1485ae8887c46f45d1366f676894c7db55954671825b37372f786ce0d3d" score = 75 quality = 90 @@ -28357,8 +28672,8 @@ rule REVERSINGLABS_Cert_Blocklist_610039D6349Ee531E4Caa3A65D100C7D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16248-L16264" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16248-L16264" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e6b6a90cf40283d2e4d2d9c5732a078c9f2f117e3639ab5c0dd6c5323cb7c9ff" score = 75 quality = 90 
@@ -28381,8 +28696,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Caa0D0Dadf32A2404A75195Ae47820A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16266-L16282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16266-L16282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ab71e485c0b541fae79d246d34b1f4fb146747c1c3fb723aa87a7a32378ff974" score = 75 quality = 90 @@ -28405,8 +28720,8 @@ rule REVERSINGLABS_Cert_Blocklist_140D2C515E8Ee9739Bb5F1B2637Dc478 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16284-L16300" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16284-L16300" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e6724fe80959592c8741621ce604518d3e964cee5941257a99dda78b9c8bbdac" score = 75 quality = 90 
@@ -28429,8 +28744,8 @@ rule REVERSINGLABS_Cert_Blocklist_58015Acd501Fc9C344264Eace2Ce5730 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16302-L16318" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16302-L16318" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7c1bec5059d40fc326bb08775888ed169abc746228eeb42c897f479992c5acab" score = 75 quality = 90 @@ -28453,8 +28768,8 @@ rule REVERSINGLABS_Cert_Blocklist_0B7279068Beb15Ffe8060D2C56153C35 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16320-L16336" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16320-L16336" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ca00f1adacd6ff16e54b85be38c3a4545a10c76548e0647f7f3f6cfa4dff412d" score = 75 quality = 90 
@@ -28477,8 +28792,8 @@ rule REVERSINGLABS_Cert_Blocklist_0Bc0F18Da36702E302Db170D91Dc9202 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16338-L16354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16338-L16354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d9ee2cf63a4edb28f894ea49a5b4df9b818d5764d9a74721b1d5222f53859462" score = 75 quality = 90 @@ -28501,8 +28816,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ca9B6F49B8B41204A174C751C73Dc393 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16356-L16374" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16356-L16374" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0b6558a7a1b78d471aaadced959ba91e411df50e3cc08e447fe9bd97f9e5cced" score = 75 quality = 90 
@@ -28525,8 +28840,8 @@ rule REVERSINGLABS_Cert_Blocklist_Aaf65B8E7A2E68Bc8C9E8F27331B795C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16376-L16394" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16376-L16394" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "390d074da09d8e5b4bb2a6f4157a5125474ab5c22de62729d4fc4075edade289" score = 75 quality = 90 @@ -28549,8 +28864,8 @@ rule REVERSINGLABS_Cert_Blocklist_C6Ed0Efe2844Fa44Aae350C6845C3331 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16396-L16414" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16396-L16414" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5c4afcd8ceb5cc2f1df2303183ede2081b86365eeee7d4e1319a8ed9a45bbf0b" score = 75 quality = 90 
@@ -28573,8 +28888,8 @@ rule REVERSINGLABS_Cert_Blocklist_Ede6Cfbf9Fa18337B0Fdb49C1F693020 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16416-L16434" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16416-L16434" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a7f18d0028cbc0001a196bc915b7881244a5833dd65f96dd7d2e8ab1b0622e0c" score = 75 quality = 90 @@ -28597,8 +28912,8 @@ rule REVERSINGLABS_Cert_Blocklist_Eda0F47B3B38E781Cdf6Ef6Be5D3F6Ee : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16436-L16454" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16436-L16454" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "af3cd543a6feec3118ba4e5fdc8455584aa763bd8339f036ab332977fc0fb20e" score = 75 quality = 90 
@@ -28621,8 +28936,8 @@ rule REVERSINGLABS_Cert_Blocklist_5Da173Eb1Ac76340Ac058E1Ff4Bf5E1B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16456-L16472" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16456-L16472" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "71da69fca275caead6a822e6587e0a07fc882f712afeafe18f4a595c269f6737" score = 75 quality = 90 @@ -28645,8 +28960,8 @@ rule REVERSINGLABS_Cert_Blocklist_1380A7Ccf2Bf36Bc496B00D8 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16474-L16490" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16474-L16490" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "88708d7d139a9d6e92f78df460b527a1ae6a404d0bcccb801c8c8cb1263a46c6" score = 75 quality = 90 
@@ -28669,8 +28984,8 @@ rule REVERSINGLABS_Cert_Blocklist_02Eaf27E6F1575E365Fc7Fe4E0Be43F7 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16492-L16508" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16492-L16508" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "333a43bdfbc400727b8eae1efeb03484b959fc45ed6b8b0dd5e6a553fa27e87f" score = 75 quality = 90 @@ -28693,8 +29008,8 @@ rule REVERSINGLABS_Cert_Blocklist_6Eb02Ac2Beb9611Ed57Eb12E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16510-L16526" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16510-L16526" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7f2a6c61ae82fec6829924d11190da776aebdd3d72c7e001fdc29b215649261c" score = 75 quality = 90 
@@ -28717,8 +29032,8 @@ rule REVERSINGLABS_Cert_Blocklist_010000000001297Dba69Dd : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16528-L16544" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16528-L16544" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bbc3e740d5043d1811ff44c7366c69192fb78c95215b30fd4f4c782812ad591c" score = 75 quality = 90 @@ -28741,8 +29056,8 @@ rule REVERSINGLABS_Cert_Blocklist_7Def22Ef4C645B1Decfb36B6D3539Dbf : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16546-L16562" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16546-L16562" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "655ed87ee65f937c7cec95085fe612f8d733e0853c87aa50b4aa1fda9e5f7a5d" score = 75 quality = 90 
@@ -28765,8 +29080,8 @@ rule REVERSINGLABS_Cert_Blocklist_3E39C2Ccc494438Bb8C2560F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16564-L16580" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16564-L16580" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3b4a55149b3895eeea5f96297d1fc9787eb74e2fcef8170148ef1a2ced334311" score = 75 quality = 90 @@ -28789,8 +29104,8 @@ rule REVERSINGLABS_Cert_Blocklist_6E3B09F43C3A0Fd53B7D600F08Fae2B5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16582-L16598" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16582-L16598" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "86b06519858dce4b77cb870905297a1fd1c767053fd07c0b0469eb7fc3ba6b32" score = 75 quality = 90 
@@ -28813,8 +29128,8 @@ rule REVERSINGLABS_Cert_Blocklist_21220646C639D62C16992F46 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16600-L16616" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16600-L16616" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "87202c29867e6410d59c1e3b5ab09a24ebac5c68c61d7b932b91a91dcf3707e2" score = 75 quality = 90 @@ -28837,8 +29152,8 @@ rule REVERSINGLABS_Cert_Blocklist_738663F2C9E4Adb3Ad5306Aa5E7Cc548 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16618-L16634" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16618-L16634" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "518a22e31432ee42e6aceb861815f7f9e84f2430b7fb3a78b498e45c584584ab" score = 75 quality = 90 
@@ -28861,8 +29176,8 @@ rule REVERSINGLABS_Cert_Blocklist_4280F2C8Ce1D98E5F8Da7Ecb005Eeae5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16636-L16652" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16636-L16652" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4cc8f00a9704f595f3e48375942a19cd6f8d6c0e53afc932a61f5a4326be4bcb" score = 75 quality = 90 @@ -28885,8 +29200,8 @@ rule REVERSINGLABS_Cert_Blocklist_2946397Be9C5Ae44E95C99Af : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16654-L16670" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16654-L16670" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b7b4925482fcc47dea81eb3d84af31cc572f1b19080b98dda330b0bf6d7c80f4" score = 75 quality = 90 
@@ -28909,8 +29224,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Df453588177Cf1C0C297Ff4 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16672-L16688" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16672-L16688" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b0c82388fd87a89841d190ce4020cc5a2ea21c9d765ceca6bc25d64162479231" score = 75 quality = 90 @@ -28933,8 +29248,8 @@ rule REVERSINGLABS_Cert_Blocklist_0619C5E39A4Fc60A32F9B07F6A4Ca328 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16690-L16706" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16690-L16706" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "75e3dfd593d7fdc268de54430be617c015957a624f2ca36bc0036d4cbde5b686" score = 75 quality = 90 
@@ -28957,8 +29272,8 @@ rule REVERSINGLABS_Cert_Blocklist_2Bffef48E6A321B418041310Fdb9B0D0 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16708-L16724" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16708-L16724" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "30a079b55b75b292f7af4f5ae99184cbb3cca1ce4cf20f2f5c961b533673db00" score = 75 quality = 90 @@ -28981,8 +29296,8 @@ rule REVERSINGLABS_Cert_Blocklist_34Ec9565805F34204C6966Fb81E36Ba1 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16726-L16742" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16726-L16742" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e434a02f5b9b22a25d8fe7a0bb7bd81b1cd8bc5356b4b626e3bfceb3f554a085" score = 75 quality = 90 
@@ -29005,8 +29320,8 @@ rule REVERSINGLABS_Cert_Blocklist_B2B934B7F01E0Ac1E577814992243709 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16744-L16762" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16744-L16762" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "37b254ab76d144c09cc7b622dba59f5e372bf01ae12ce260a06143abb52062f6" score = 75 quality = 90 @@ -29029,8 +29344,8 @@ rule REVERSINGLABS_Cert_Blocklist_3A1B397Fd9451E3B5891Fc69681Ed73D : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16764-L16780" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16764-L16780" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ca43c7bacd8cb5a896c3135abf4a131bdb4a7f5093e64c8d1df743fad0c1c64a" score = 75 quality = 90 
@@ -29053,8 +29368,8 @@ rule REVERSINGLABS_Cert_Blocklist_1Eb816Aa49E4894D9E9F78729E53Cd48 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16782-L16798" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16782-L16798" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4e22568612aec050c7f78b81ba6749528a9c25c0ba43e14260a581a9bea7a2f0" score = 75 quality = 90 @@ -29077,8 +29392,8 @@ rule REVERSINGLABS_Cert_Blocklist_383Ca88D6D9379C740609560 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16800-L16816" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16800-L16816" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ce41d046a7ca320d034fa226b5e8c22022cc6bfc97eb9ef294b1aca232aaacef" score = 75 quality = 90 
@@ -29101,8 +29416,8 @@ rule REVERSINGLABS_Cert_Blocklist_6731Cb1430F18B8C0C43Ab40E1154169 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16818-L16834" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16818-L16834" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c05349166919ffc18ac6ecb61b822a8365f87a82164c5e110ef94345bdc4de6f" score = 75 quality = 90 @@ -29125,8 +29440,8 @@ rule REVERSINGLABS_Cert_Blocklist_159505E6456B9A9352F7C47168D89B96 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16836-L16852" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16836-L16852" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d6d0d5c86dd88afa29fb3c7cc3c0ab2e3401637a23e062ee9bab693a715cf16f" score = 75 quality = 90 
@@ -29149,8 +29464,8 @@ rule REVERSINGLABS_Cert_Blocklist_04A0E92B0B9Ebbb797Df6Ef52Bd5Ad05 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16854-L16870" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16854-L16870" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ff2a2d06c48bd3426fa42526d966152e3e7166c4170b4e08bb65ee5d876eda93" score = 75 quality = 90 @@ -29173,8 +29488,8 @@ rule REVERSINGLABS_Cert_Blocklist_25F222Ab2613Dc4270B2Aabc2519A101 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16872-L16888" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16872-L16888" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2c6673f6821c4ba11fc015cf3e9edefeb7c45209bc9dcd18501c4681444a9b9e" score = 75 quality = 90 
@@ -29197,8 +29512,8 @@ rule REVERSINGLABS_Cert_Blocklist_212Ca239866F88C3D5B000B3004A569C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16890-L16906" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16890-L16906" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "23ab2343b17dce74fb4166a690ca5dd300b3ed20d3a6b43b922f456410d3035d" score = 75 quality = 90 @@ -29221,8 +29536,8 @@ rule REVERSINGLABS_Cert_Blocklist_18B700A319Aa98Ae71B279D4E8030B82 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16908-L16924" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16908-L16924" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e201498acfd9afebc68321887a806bb5c1d74c64a7cd93530feae2a944bd30fa" score = 75 quality = 90 
@@ -29245,8 +29560,8 @@ rule REVERSINGLABS_Cert_Blocklist_169138A86954Be1D9B264F47 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16926-L16942" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16926-L16942" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1584e39b4e2025611bcb7bbbd92b97d25d12ddbb1e5c282db87730a03f7f56b1" score = 75 quality = 90 @@ -29269,8 +29584,8 @@ rule REVERSINGLABS_Cert_Blocklist_33412168Eeb3C0E4C7Dd0508A9Ffecd5 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16944-L16960" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16944-L16960" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d634af0637c3349fe1718ee807b8a75007ab46b141494331901a22ce54e9fc5d" score = 75 quality = 90 
@@ -29293,8 +29608,8 @@ rule REVERSINGLABS_Cert_Blocklist_422Ab71Ac7Fb125Ad7171B0C99510B0E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16962-L16978" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16962-L16978" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7366e5064a9a9f66260730575327e404eadea096ba3f6cf28c83c47bef9bca58" score = 75 quality = 90 @@ -29317,8 +29632,8 @@ rule REVERSINGLABS_Cert_Blocklist_6F18946E5B773B7E32D9E7B4Fb8D434C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16980-L16996" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16980-L16996" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fa285c17b43d1acdb05888074ecb16047209ade8f7f6191274f58eca7438dadf" score = 75 quality = 90 
@@ -29341,8 +29656,8 @@ rule REVERSINGLABS_Cert_Blocklist_3596Dfc23B9A42C66700982250Da2906 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L16998-L17014" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L16998-L17014" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1b69bf520fde5255069cf8752d5c67716e9bc297ddde1566551a563a563197ea" score = 75 quality = 90 @@ -29365,8 +29680,8 @@ rule REVERSINGLABS_Cert_Blocklist_486Bbddc8C5Ee99F051Ecaeb3F99D2A3 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17016-L17032" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17016-L17032" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "75855e26ba4e01b56a551a006e789c6032cfb02c6f6125a9bdf8becb848db5b2" score = 75 quality = 90 
@@ -29389,8 +29704,8 @@ rule REVERSINGLABS_Cert_Blocklist_11211Eea9D0D1D1A325B5Eae1B2B1951120F : INFO FI date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17034-L17050" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17034-L17050" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bafab986605be61d25a6764042937bc5d8c55196ea8ea9aa9360764d9681351b" score = 75 quality = 90 @@ -29413,8 +29728,8 @@ rule REVERSINGLABS_Cert_Blocklist_172Fea8Cb06Ffced6Bfac7F2F6B77754 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17052-L17068" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17052-L17068" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8e1e3e7d002ce084600c5444dc9b0bad8771370cb7919a3bb5ebc899040e4cf2" score = 75 quality = 90 
@@ -29437,8 +29752,8 @@ rule REVERSINGLABS_Cert_Blocklist_3Ee50Bb98Fadca2D662A0920E76685A2 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17070-L17086" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17070-L17086" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d232923ed962fbf4a9a30890778c2380d6c6967a693c6f77c2f558bb4347e60e" score = 75 quality = 90 @@ -29461,8 +29776,8 @@ rule REVERSINGLABS_Cert_Blocklist_21Bfddb6A66435D1Adce2Ceb23Ed7C9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17088-L17104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17088-L17104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "22ad68974a1c6729da369c26372ba93c25ddf68df880580c727bf2d3ee2d3a86" score = 75 quality = 90 
@@ -29485,8 +29800,8 @@ rule REVERSINGLABS_Cert_Blocklist_5B1C3F7Bbaa91Ca49B06A5C1004Ee5Be : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17106-L17122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17106-L17122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9a8d9acc87668a6fbd9fdd52b6ef69d18de8f19d8f3d3ca8eeb630c6e8c25c65" score = 75 quality = 90 @@ -29509,8 +29824,8 @@ rule REVERSINGLABS_Cert_Blocklist_0A2089 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17124-L17140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17124-L17140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "07ce4d39af1e56fbbfa400cf139956826999043480f93c0fc43ed056f6420d7f" score = 75 quality = 90 
@@ -29533,8 +29848,8 @@ rule REVERSINGLABS_Cert_Blocklist_1F84E030A0Ed10D5Ffe2B81B : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17142-L17158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17142-L17158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "097655cb2965ae71efb905ddf20ed30c240d25e03d08a1b6c87b472533ccc9d8" score = 75 quality = 90 @@ -29557,8 +29872,8 @@ rule REVERSINGLABS_Cert_Blocklist_88346267057C0A82E2F39851D1B9694C : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17160-L17178" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17160-L17178" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "60acdbad8ad3e1d4a863ce160d93abd0b5e2b214858cba84f7a1b907d2491486" score = 75 quality = 90 
@@ -29581,8 +29896,8 @@ rule REVERSINGLABS_Cert_Blocklist_A46F9D8784778Baa48167C48Bbc56F30 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17180-L17198" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17180-L17198" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fffb6309355bc6764b0ab033db5964599c86c9a2f6d8985975a07f6b3ebb40ed" score = 75 quality = 90 @@ -29605,8 +29920,8 @@ rule REVERSINGLABS_Cert_Blocklist_525B5529Db20D17A85Be284D6B7952Ea : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17200-L17216" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17200-L17216" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8fd406004b634e4826659b1dff88c61074fd321969b9fd63ea45d8e9608b35f1" score = 75 quality = 90 
@@ -29629,8 +29944,8 @@ rule REVERSINGLABS_Cert_Blocklist_70Ae0E517D2Ef6D5Eed06B56730A1A9A : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17218-L17234" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17218-L17234" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "017eed878daf706eb96b638a8d1f4428466bc1d00ce27f32628bd249a658a813" score = 75 quality = 90 @@ -29653,8 +29968,8 @@ rule REVERSINGLABS_Cert_Blocklist_57C3717C5E2Ce9A2E0Cf0340C03F458E : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17236-L17252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17236-L17252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fd710146874528c43ad8a9f847b7704c44ba4564cf79e20e6b23aa98b0ee2ea5" score = 75 quality = 90 
@@ -29677,8 +29992,8 @@ rule REVERSINGLABS_Cert_Blocklist_0761110Efe0B688C469D687512828C1F : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17254-L17270" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17254-L17270" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ba60e1f58c7335ba5aa261031d09ee83a0ee51e05f8f26078b2a5c776ad0add" score = 75 quality = 90 @@ -29701,8 +30016,8 @@ rule REVERSINGLABS_Cert_Blocklist_08Aa03F385F870E3A6D243B74B1Dadf6 : INFO FILE date = "2023-11-08" modified = "2023-11-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/certificate/blocklist.yara#L17272-L17288" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/certificate/blocklist.yara#L17272-L17288" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ef49a28a93d31c55dd2dfd3bec645f757a0a1a7eb8718ce92cf47bf9af126aed" score = 75 quality = 90 
@@ -29725,8 +30040,8 @@ rule REVERSINGLABS_Win32_Exploit_CVE20200601 : TC_DETECTION MALICIOUS EXPLOIT CV date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/exploit/Win32.Exploit.CVE20200601.yara#L3-L253" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/exploit/Win32.Exploit.CVE20200601.yara#L3-L253" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e4d915560ad72e0fde63276f9ffece00535c7983125efaa8298adc11d5e54817" score = 75 quality = 88 @@ -29951,8 +30266,8 @@ rule REVERSINGLABS_Win32_Ransomware_Medusalocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.MedusaLocker.yara#L1-L174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.MedusaLocker.yara#L1-L174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "73f915d476d1411d2e008d00c5ffa03596e3b62bcdbc4d91dc7226599a066c08" score = 75 quality = 90 
@@ -30104,8 +30419,8 @@ rule REVERSINGLABS_Win32_Ransomware_Afrodita : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Afrodita.yara#L1-L119" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Afrodita.yara#L1-L119" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ce7cc445d4c1f59c25b9505fc1f7f9dd0d286ab80510e2977b50ff15433aea60" score = 75 quality = 90 @@ -30210,8 +30525,8 @@ rule REVERSINGLABS_Win32_Ransomware_Alcatraz : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-28" modified = "2020-07-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Alcatraz.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Alcatraz.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ddd35c8da0c08bce17cacfba8bb8a8b8a8c08c3e59261a88a79c63b03d29000f" score = 75 quality = 90 
@@ -30304,8 +30619,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Timetime : TC_DETECTION MALICIOUS MA date = "2022-02-21" modified = "2022-02-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.TimeTime.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "43867dd793bc84e6f39ca2de1aff4047a742b295dc4df94cd337bd2ef89e4a62" score = 75 quality = 90 @@ -30369,8 +30684,8 @@ rule REVERSINGLABS_Linux_Ransomware_Luckyjoe : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Linux.Ransomware.LuckyJoe.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Linux.Ransomware.LuckyJoe.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1e7df2c45bee072af233cf8f355a84ec931fe96afa3fbdcd225dded1b75ea961" score = 75 quality = 90 
@@ -30505,8 +30820,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ferrlock : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ferrlock.yara#L1-L131" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ferrlock.yara#L1-L131" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b94bc77489dbb74573813631009e605bc848e17995a0a512d08b194ee3020b75" score = 75 quality = 90 @@ -30623,8 +30938,8 @@ rule REVERSINGLABS_Win32_Ransomware_Fenixlocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.FenixLocker.yara#L1-L143" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.FenixLocker.yara#L1-L143" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "72712616df2c73c5c17696a7c5cb93f767910acf5f49cda27373fccfa29c5a4d" score = 75 quality = 90 
@@ -30766,8 +31081,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Wormlocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.WormLocker.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "87a4f805de78d7e7dffb176302407453108ca01552c682aeee38f8d0201263c9" score = 75 quality = 90 @@ -30828,8 +31143,8 @@ rule REVERSINGLABS_Win64_Ransomware_Antiwar : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-04-21" modified = "2022-04-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.AntiWar.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.AntiWar.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2d885f35454aaf7cb33f03c30b6681aa16cbe8353003bbae0b1e9fdecb2ff8a7" score = 75 quality = 90 
@@ -30962,8 +31277,8 @@ rule REVERSINGLABS_Linux_Ransomware_Killdisk : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Linux.Ransomware.KillDisk.yara#L1-L144" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Linux.Ransomware.KillDisk.yara#L1-L144" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3ed1fb2b7b24cd4d5100d93ed53a9ab28e1482bd0998a0538d8710a962ee839f" score = 75 quality = 90 @@ -31101,8 +31416,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ako : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ako.yara#L1-L152" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ako.yara#L1-L152" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "488e9b528f75fcfaa8dd19859801e6e5a73575c33cd70c98ebaa9ae93025018b" score = 75 quality = 90 
@@ -31242,8 +31557,8 @@ rule REVERSINGLABS_Win32_Ransomware_Montserrat : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Montserrat.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Montserrat.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c8782a8cb2b87e76ff1f804ee8affd01405827d0914ea725bb0e9ddace7dde10" score = 75 quality = 90 @@ -31351,8 +31666,8 @@ rule REVERSINGLABS_Win64_Ransomware_Albabat : TC_DETECTION MALICIOUS MALWARE FIL date = "2024-03-18" modified = "2024-03-18" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Albabat.yara#L1-L139" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Albabat.yara#L1-L139" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "38ec8388b9006f6ab9a397858b89f4bfd7def2ffcf525cfc736abae49bc6034a" score = 75 quality = 90 
@@ -31478,8 +31793,8 @@ rule REVERSINGLABS_Win32_Ransomware_Erica : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Erica.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Erica.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "93512091943f3a3b395c38fa3b0f5ecdbbf1cdf967ccfea4d7145c940076e046" score = 75 quality = 90 @@ -31551,8 +31866,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crysis : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Crysis.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Crysis.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c9250206f94ac65c1fc24e83cf8cdd76d10066086ef1f34ec14791d237c0263" score = 75 quality = 90 
@@ -31655,8 +31970,8 @@ rule REVERSINGLABS_Win64_Ransomware_Wintenzz : TC_DETECTION MALICIOUS MALWARE FI date = "2021-11-02" modified = "2021-11-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Wintenzz.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Wintenzz.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ff4bdf2f6ee185b98d0014b3066806fe7e25ea94f46837948bc5262440bf8a56" score = 75 quality = 90 @@ -31731,8 +32046,8 @@ rule REVERSINGLABS_Win32_Ransomware_Badblock : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BadBlock.yara#L1-L100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BadBlock.yara#L1-L100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "421e6a3772eeec6ef0cbb2427b7e044b450a2b2146cee2ca7d8c3a3a92918557" score = 75 quality = 90 
@@ -31829,8 +32144,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ladon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ladon.yara#L1-L101" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ladon.yara#L1-L101" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "979e3f3bf6a67bf10b6bfdd2eeb722d8836096076b7e88c6d4aca041a1a9eecb" score = 75 quality = 90 @@ -31923,8 +32238,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cincoo : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-06-21" modified = "2022-06-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Cincoo.yara#L1-L78" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Cincoo.yara#L1-L78" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6a7562cae90754ea75a9fb98ce73ebdb9acf1ad7f28f2240abe6cb592d717ca3" score = 75 quality = 90 
@@ -31995,8 +32310,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryakl : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Cryakl.yara#L1-L64" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Cryakl.yara#L1-L64" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "51d50ab1ce021e2facbca3a35af372186287a8d69b66651c9804234a409d9932" score = 75 quality = 90 @@ -32060,8 +32375,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nemty : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Nemty.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Nemty.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dc8cfdcdea8ecb2018b1b04bb1b645f6dbdc6c07357719100677c75945edef40" score = 75 quality = 90 
@@ -32245,8 +32560,8 @@ rule REVERSINGLABS_Win32_Ransomware_Xorist : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Xorist.yara#L1-L150" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Xorist.yara#L1-L150" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c428838cdd103f62508a23c9333b08567625291e110aa437324ecf37c62dca36" score = 75 quality = 90 @@ -32378,8 +32693,8 @@ rule REVERSINGLABS_Win32_Ransomware_Makop : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-30" modified = "2020-10-30" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Makop.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Makop.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0ff4739d32b4a775d07a5f22d551ed67025681d4986e4404c9a01ad4078468f3" score = 75 quality = 90 
@@ -32470,8 +32785,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hakunamatata : TC_DETECTION MALICIOUS MALWAR date = "2020-11-11" modified = "2020-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.HakunaMatata.yara#L1-L373" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.HakunaMatata.yara#L1-L373" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e363ff93fce286d60a3f5ea20ba3ec03564b7a5321c3f6448cc82187f23e8a9f" score = 75 quality = 90 @@ -32831,8 +33146,8 @@ rule REVERSINGLABS_Win32_Ransomware_Meow : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-10-24" modified = "2022-10-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Meow.yara#L1-L84" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Meow.yara#L1-L84" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b00753d2b150a815279297ddf40d70051d25de1c32bb90f5b706ea7fd36bb871" score = 75 quality = 90 
@@ -32908,8 +33223,8 @@ rule REVERSINGLABS_Win32_Ransomware_Networm : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-07-05" modified = "2021-07-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Networm.yara#L1-L103" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Networm.yara#L1-L103" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ff9bcb9868522f9d4abf2ab9f94d5b7c9b009e5c6d0cf832c7d052f18e048b31" score = 75 quality = 90 @@ -33003,8 +33318,8 @@ rule REVERSINGLABS_Win64_Ransomware_Redroman : TC_DETECTION MALICIOUS MALWARE FI date = "2021-05-10" modified = "2021-05-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.RedRoman.yara#L1-L82" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.RedRoman.yara#L1-L82" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6fb2ac0e7f7ac095766e27c057e5124406dc493c08d01a7e5381403d794c7240" score = 75 quality = 90 
@@ -33082,8 +33397,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gomer : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-08" modified = "2020-10-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Gomer.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Gomer.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a53d37fcb877a12a4969a6ea1aaa67fc4106c3fbdd80a4fd39ad5a66a9df47fc" score = 75 quality = 90 @@ -33180,8 +33495,8 @@ rule REVERSINGLABS_Win32_Ransomware_Satan : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Satan.yara#L1-L152" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Satan.yara#L1-L152" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0074090c2a6cc483deffdc83dc1c0bfbd150e201c27e54f998dd2c0a7660f917" score = 75 quality = 90 
@@ -33324,8 +33639,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bam2021 : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-09-17" modified = "2021-09-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Bam2021.yara#L1-L167" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Bam2021.yara#L1-L167" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5b717510991b78f07806e88f3dfe1c27d6ec1ec21af61a7c4f1edf7c915785d5" score = 75 quality = 90 @@ -33474,8 +33789,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kangaroo : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Kangaroo.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Kangaroo.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1078fb3d47ad737548419e5ee66e686f705c02fea27a58c0097446547325772c" score = 75 quality = 90 
@@ -33558,8 +33873,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sigrun : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sigrun.yara#L1-L111" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sigrun.yara#L1-L111" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ea29ec64cdfc0c714fe0acdce5878cb1302dd5aa916811121c644948ce275935" score = 75 quality = 90 @@ -33660,8 +33975,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gibon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Gibon.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Gibon.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cace0f35529307487f39aace6ae8989c7b878f82ebe890b256dfac563551a099" score = 75 quality = 90 
@@ -33777,8 +34092,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_EAF : TC_DETECTION MALICIOUS MALWARE date = "2022-07-22" modified = "2022-07-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.EAF.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.EAF.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3d10c852f95e8aa9bcd3543b96650b98ac57bcd2aa2b374e0badb63b5a4c0396" score = 75 quality = 90 @@ -33858,8 +34173,8 @@ rule REVERSINGLABS_Win32_Ransomware_Matsnu : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Matsnu.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Matsnu.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "76ef1b4a292f27ccd904e80f0279a7a327f7399a21f2266ef3ea959e5339ffac" score = 75 quality = 90 
@@ -33975,8 +34290,8 @@ rule REVERSINGLABS_Win32_Ransomware_Paradise : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Paradise.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Paradise.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fc029bee999ec72416ac91d8386d4d270070035ad078bcab1dec11eea032c10b" score = 75 quality = 90 @@ -34058,8 +34373,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wsir : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-08-02" modified = "2022-08-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.WsIR.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.WsIR.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c22c01f93945c7721ebfe5e7a09c3bf2b9d0ad95740bc0a76b4e61741f61d82c" score = 75 quality = 90 
@@ -34125,8 +34440,8 @@ rule REVERSINGLABS_Win32_Ransomware_Plague17 : TC_DETECTION MALICIOUS MALWARE FI date = "2021-02-19" modified = "2021-02-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Plague17.yara#L1-L263" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Plague17.yara#L1-L263" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e0e518fc83a62d70b83df273c6ba469e6f0fdf9c035126428ec7561e04437b6f" score = 75 quality = 90 @@ -34371,8 +34686,8 @@ rule REVERSINGLABS_Win32_Ransomware_Redeemer : TC_DETECTION MALICIOUS MALWARE FI date = "2022-01-17" modified = "2022-01-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Redeemer.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Redeemer.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "28287f6620a2f7a90057d1f97947e065721119e26398fe659331dc5fe99761de" score = 75 quality = 90 
@@ -34468,8 +34783,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cicada3301 : TC_DETECTION MALICIOUS MALWARE date = "2024-10-09" modified = "2024-10-09" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Cicada3301.yara#L1-L309" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Cicada3301.yara#L1-L309" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9479667fd4c7f865607ece6af985ab6fa7b62f98738c338e4155059551db8a21" score = 75 quality = 90 @@ -34751,8 +35066,8 @@ rule REVERSINGLABS_Win32_Ransomware_Asn1Encoder : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara#L1-L136" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.ASN1Encoder.yara#L1-L136" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "000fd846fa5f09af19ead4623bb5a8eb51cdb4c751013569bf070710d3e0d61d" score = 75 quality = 90 
@@ -34879,8 +35194,8 @@ rule REVERSINGLABS_Linux_Ransomware_Gwisinlocker : TC_DETECTION MALICIOUS MALWAR date = "2022-10-11" modified = "2022-10-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Linux.Ransomware.GwisinLocker.yara#L1-L354" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Linux.Ransomware.GwisinLocker.yara#L1-L354" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c23c0b73bbefbd644ffe1398e1f14eec3a89945cb3c3ccbc6f46c57046b53505" score = 75 quality = 90 @@ -35188,8 +35503,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Mcburglar : TC_DETECTION MALICIOUS M date = "2021-09-27" modified = "2021-09-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.McBurglar.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "57fefcdc1528fc1c8da36a431cd09774e33ea08a394ac4f8d19a27504e72676d" score = 75 quality = 90 
@@ -35252,8 +35567,8 @@ rule REVERSINGLABS_Win32_Ransomware_Torrentlocker : TC_DETECTION MALICIOUS MALWA date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.TorrentLocker.yara#L1-L98" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.TorrentLocker.yara#L1-L98" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1aa523fa95e142b7e421286d26918e3da4bd3e268fef3f98f00820296291bfc" score = 75 quality = 90 @@ -35348,8 +35663,8 @@ rule REVERSINGLABS_Win32_Ransomware_Acepy : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-08-04" modified = "2022-08-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Acepy.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Acepy.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "92c543a0b8c3c884f83647119d32c7b46f5fe839694bb8a8de0146c5c77bc587" score = 75 quality = 90 
@@ -35409,8 +35724,8 @@ rule REVERSINGLABS_Win32_Ransomware_Outsider : TC_DETECTION MALICIOUS MALWARE FI date = "2020-10-23" modified = "2020-10-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Outsider.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Outsider.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "80c5a93b5b72b7b66e36f1726486b0c7620588d05bd925510d76f020a40b124c" score = 75 quality = 90 @@ -35490,8 +35805,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kawaiilocker : TC_DETECTION MALICIOUS MALWAR date = "2020-08-17" modified = "2020-08-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.KawaiiLocker.yara#L1-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.KawaiiLocker.yara#L1-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d86b41ef1c43da55869ad26facd5efdf232277f0e33483690a69a04c4ba8f7da" score = 75 quality = 90 
@@ -35627,8 +35942,8 @@ rule REVERSINGLABS_Win32_Ransomware_Elpaco : TC_DETECTION MALICIOUS MALWARE FILE date = "2025-02-27" modified = "2025-02-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Elpaco.yara#L1-L316" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Elpaco.yara#L1-L316" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6b3fdd586c9f3e5c40782c814b5091b28e88f3d74032c392a6479182eb74327a" score = 75 quality = 90 @@ -35919,8 +36234,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lorenz : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-10-24" modified = "2022-10-24" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Lorenz.yara#L1-L252" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Lorenz.yara#L1-L252" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b8668fcc560d264c37e3fbb52d5a5f1223a282abd9e984b3109efe9ab454be9f" score = 75 quality = 90 
@@ -36131,8 +36446,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jsworm : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.JSWorm.yara#L1-L93" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.JSWorm.yara#L1-L93" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8ba5e2f29f5f06e6e6714bbba1129862da8c3a83bf7f296818eddee2593cae38" score = 75 quality = 90 @@ -36225,8 +36540,8 @@ rule REVERSINGLABS_Win32_Ransomware_Spora : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Spora.yara#L1-L124" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Spora.yara#L1-L124" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4e18bb42277ce9194bf75fa45d95ea7e2bd51c5d7791d3d6e013fc07626e65b0" score = 75 quality = 90 
@@ -36348,8 +36663,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Fantom : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Fantom.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Fantom.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f2aaa9776b7ca302052b3303d45df24cc151a4efc7ea9f4bb3c1f53d10ded03a" score = 75 quality = 90 @@ -36441,8 +36756,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptowall : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.CryptoWall.yara#L3-L312" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.CryptoWall.yara#L3-L312" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "74baa04ee506732e0bb64a77cfd2d2216fcc978f13447ef07862e0116c093c14" score = 75 quality = 88 
@@ -36728,8 +37043,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hermes : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Hermes.yara#L1-L284" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Hermes.yara#L1-L284" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6db95c422ee2f9dd8a1795031ee8d7d5ed84e16cde47512becc006b6a849e890" score = 75 quality = 90 @@ -36980,8 +37295,8 @@ rule REVERSINGLABS_Win32_Ransomware_Atlas : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Atlas.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Atlas.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1486f931ec096a00d913de0568ddd8aa5a091256445bc28aba90e3e194ebd045" score = 75 quality = 90 
@@ -37080,8 +37395,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zerocrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.ZeroCrypt.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "947925206ded187eac31c5046d75ab017869ae3f8dc906f2e5536d4db219f108" score = 75 quality = 90 @@ -37177,8 +37492,8 @@ rule REVERSINGLABS_Win32_Ransomware_Loocipher : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.LooCipher.yara#L1-L87" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.LooCipher.yara#L1-L87" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa0598d63b5fad6aea0945a0aa2030d3d6e2cd9f1fea16f3dd17cdceb68323e3" score = 75 quality = 90 
@@ -37258,8 +37573,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Namaste : TC_DETECTION MALICIOUS MAL date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Namaste.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Namaste.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5a952276f41b5524bcb82a9ceb076983d2faf2864b3bbd0a06d49bbd5edc1e0e" score = 75 quality = 90 @@ -37334,8 +37649,8 @@ rule REVERSINGLABS_Win32_Ransomware_Marsjoke : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.MarsJoke.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.MarsJoke.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "298b2fd99793a15b3537853289e1337648d3fa84f12038e6f6831741404b7c5c" score = 75 quality = 90 
@@ -37495,8 +37810,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wannacry : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.WannaCry.yara#L3-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.WannaCry.yara#L3-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fed58b533a9f7c3eb1b3e4f8fbe1f519aab94d1c066ae6937c21876693be0eac" score = 75 quality = 90 @@ -37621,8 +37936,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cybervolk : TC_DETECTION MALICIOUS MALWARE F date = "2024-11-27" modified = "2024-11-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.CyberVolk.yara#L1-L293" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.CyberVolk.yara#L1-L293" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "59ed7c4f576fa7cd4cceb724d14f258598c140e434ed309fe2e599c3aaa667d9" score = 75 quality = 90 
@@ -37887,8 +38202,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackmoon : TC_DETECTION MALICIOUS MALWARE F date = "2020-11-11" modified = "2020-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BlackMoon.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BlackMoon.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "428409096a8637978bf2a1efb3238e4ba87715a909693b0cd26c0f689d567a09" score = 75 quality = 90 @@ -37954,8 +38269,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptojoker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.CryptoJoker.yara#L1-L140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.CryptoJoker.yara#L1-L140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "42ee1e63ada1ae986f43a1300eda0b1fa7b54c26be31ef5637bb321defffbe40" score = 75 quality = 90 
@@ -38091,8 +38406,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lolkek : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-23" modified = "2020-10-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Lolkek.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Lolkek.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d18545b25a33bba1a6e01ab37768bd4f15fb125dcb8cbe7909d9a8bbe08e63fa" score = 75 quality = 90 @@ -38189,8 +38504,8 @@ rule REVERSINGLABS_Win32_Ransomware_District : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.District.yara#L1-L194" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.District.yara#L1-L194" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9ce395636fd7719f503726df82998e1ac72e9e80fd7a4534bd2251ac9283af38" score = 75 quality = 90 
@@ -38367,8 +38682,8 @@ rule REVERSINGLABS_Win32_Ransomware_Velso : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Velso.yara#L1-L230" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Velso.yara#L1-L230" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "602be848a26106a1bd46cfc515578f0628687e6cb352e609a274220a61bcb620" score = 75 quality = 90 @@ -38580,8 +38895,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bananacrypt : TC_DETECTION MALICIOUS MALWARE date = "2020-09-14" modified = "2020-09-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BananaCrypt.yara#L1-L103" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BananaCrypt.yara#L1-L103" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6bde4430e438947b0d7f10c4de11216929ec03af81b3d74f8b7bb8ed134d08d2" score = 75 quality = 90 
@@ -38678,8 +38993,8 @@ rule REVERSINGLABS_Win32_Ransomware_NB65 : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-06-01" modified = "2022-06-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.NB65.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.NB65.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f8a0e265fc72a9f017b37ce4b6dbb878285a5d298ab1b8c69f9fde7159426981" score = 75 quality = 90 @@ -38740,8 +39055,8 @@ rule REVERSINGLABS_Win64_Ransomware_Pandora : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-06-01" modified = "2022-06-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Pandora.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Pandora.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6576bde36ae9a9bc2e9dd878db788c608083b84d96d31e6898f48a264c6b7f1a" score = 75 quality = 90 
@@ -38828,8 +39143,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sevensevenseven : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara#L1-L148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.SevenSevenSeven.yara#L1-L148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "583a8ac746cd749bd3927f10c864a3ac84f82f8bbd8d0ebf117e22b016d7ca94" score = 75 quality = 90 @@ -38953,8 +39268,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vanhelsing : TC_DETECTION MALICIOUS MALWARE date = "2025-06-10" modified = "2025-06-10" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.VanHelsing.yara#L1-L464" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.VanHelsing.yara#L1-L464" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8a04dac3ede0d2fb63db8f97fc20bb83372a2adf5e760ea7c29e5f563cee7442" score = 75 quality = 88 
@@ -39372,8 +39687,8 @@ rule REVERSINGLABS_Win32_Ransomware_Fuxsocy : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-01" modified = "2021-03-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.FuxSocy.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.FuxSocy.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8b3c04eb5d60fcc82e47cb8e78da0a98642666546d6799baef24b56926e3aceb" score = 75 quality = 90 @@ -39481,8 +39796,8 @@ rule REVERSINGLABS_Win64_Ransomware_Vovalex : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-12" modified = "2021-03-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Vovalex.yara#L1-L81" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Vovalex.yara#L1-L81" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0c0f065224988bcba45b5aba2dceb080479b0bab235d544daabc3cae72e48318" score = 75 quality = 90 
@@ -39559,8 +39874,8 @@ rule REVERSINGLABS_Win64_Ransomware_Seedlocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.SeedLocker.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.SeedLocker.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a478efcfb03e3eeebe72d9a71629456cf061c3c779fbdde99539854caf8c7c33" score = 75 quality = 90 @@ -39652,8 +39967,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Harpoonlocker : TC_DETECTION MALICIO date = "2022-01-27" modified = "2022-01-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.HarpoonLocker.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "20587f9dce5981934498d9979843a090224ba649def8b694adf7799b7060cc25" score = 75 quality = 90 
@@ -39741,8 +40056,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Eternity : TC_DETECTION MALICIOUS MA date = "2022-07-22" modified = "2022-07-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Eternity.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Eternity.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a2298a26e9bbe2b779eb2afeeda28d4321bc2d26db46bbb377bf86abaf8fa929" score = 75 quality = 90 @@ -39805,8 +40120,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hydracrypt : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.HydraCrypt.yara#L1-L174" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.HydraCrypt.yara#L1-L174" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "910a6f23f06cecb8d3115ebfed42a66412dbd0d3a519e39f21df81b0c2028f48" score = 75 quality = 90 
@@ -39961,8 +40276,8 @@ rule REVERSINGLABS_Win32_Ransomware_Magniber : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Magniber.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Magniber.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "05b516f9b466489ea3a30e2fe5eb08290e85ece7a63e29e8bbbeb81c87d0a6f1" score = 75 quality = 90 @@ -40072,8 +40387,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptolocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.CryptoLocker.yara#L3-L154" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.CryptoLocker.yara#L3-L154" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "08430b0c5689840d592bdda5dbc2ed06e0d0fa1e2c0f19aff4316580c6a0b23d" score = 75 quality = 90 
@@ -40212,8 +40527,8 @@ rule REVERSINGLABS_Win32_Ransomware_Princesslocker : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.PrincessLocker.yara#L1-L92" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.PrincessLocker.yara#L1-L92" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5be4ca3bd0b0afed1d2f3a59e2951d74a8de94c5a4d5a2c6cc29add49eab9ec0" score = 75 quality = 90 @@ -40307,8 +40622,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ophionlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.OphionLocker.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.OphionLocker.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3c54a948a6a45ec5f5bc32fbbdbc8822f402b1332e9109b20b90635464dbe2ac" score = 75 quality = 90 
@@ -40412,8 +40727,8 @@ rule REVERSINGLABS_Win32_Ransomware_Good : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Good.yara#L1-L82" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Good.yara#L1-L82" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6737853a77a6008f9fd2141bb6b13d595f1cb7e832be944596f709e1fcdf8003" score = 75 quality = 90 @@ -40488,8 +40803,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crypren : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Crypren.yara#L1-L144" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Crypren.yara#L1-L144" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7047d48782762e42544063fde6f2be62eb19f22853ea84abb5bce67c962da172" score = 75 quality = 90 
@@ -40620,8 +40935,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Timecrypt : TC_DETECTION MALICIOUS M date = "2021-12-06" modified = "2021-12-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.TimeCrypt.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6849d6d5010d7bcb4052c10d5bd7cc29320ffc986f36289b272a1e9a8d14fab9" score = 75 quality = 90 @@ -40679,8 +40994,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Pacman : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Pacman.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Pacman.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0634303a4db2631edb40a9435444f3bdc4bc6eb745c7e43a54478e54e7507403" score = 75 quality = 90 
@@ -40750,8 +41065,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zeppelin : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Zeppelin.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Zeppelin.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8fb07e49d2ff9d497fb36a5d901748315ae519f5ef845d1a5ec6341d0eb1f68c" score = 75 quality = 90 @@ -40848,8 +41163,8 @@ rule REVERSINGLABS_Win32_Ransomware_Termite : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-08-31" modified = "2020-08-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Termite.yara#L1-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Termite.yara#L1-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "df273de81fc58cb0bacf021ee539ec6dbfa1f1a3e13bd46519ee313595cafb4c" score = 75 quality = 90 
@@ -40992,8 +41307,8 @@ rule REVERSINGLABS_Win32_Ransomware_Thanatos : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-13" modified = "2020-11-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Thanatos.yara#L1-L85" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Thanatos.yara#L1-L85" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a51fa9cf1a08e4cd252a8b385be3bfde909585e2a799baaede977e40ecff5313" score = 75 quality = 90 @@ -41074,8 +41389,8 @@ rule REVERSINGLABS_Win32_Ransomware_Prometey : TC_DETECTION MALICIOUS MALWARE FI date = "2021-06-07" modified = "2021-06-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Prometey.yara#L1-L156" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Prometey.yara#L1-L156" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f14c9605e2d375176b461fd396be66754b0ace7dcaada8ca33ad86f6eda10b73" score = 75 quality = 90 
@@ -41220,8 +41535,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hddcryptor : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.HDDCryptor.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.HDDCryptor.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "47915f315bb4956507362f56024f5632cb1bcec569ceaf77fe9d7cb9c25d1d8a" score = 75 quality = 90 @@ -41348,8 +41663,8 @@ rule REVERSINGLABS_Win64_Ransomware_Hotcoffee : TC_DETECTION MALICIOUS MALWARE F date = "2021-11-25" modified = "2021-11-25" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.HotCoffee.yara#L1-L111" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.HotCoffee.yara#L1-L111" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "15ae428c37fcc5a09d324fd9be5a8df3a812e6459cb1ce8eec56eabf785b4c05" score = 75 quality = 90 
@@ -41448,8 +41763,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gandcrab : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.GandCrab.yara#L1-L892" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.GandCrab.yara#L1-L892" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "79381635681482fc90defe4e10e97bf16d534837518fc06ae579822e9d77b461" score = 75 quality = 88 @@ -42298,8 +42613,8 @@ rule REVERSINGLABS_Win32_Ransomware_Targetcompany : TC_DETECTION MALICIOUS MALWA date = "2021-09-27" modified = "2021-09-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.TargetCompany.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.TargetCompany.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "05fa81afa8aa1e3b9955ad24a274ddef4fb32d678902af7aae6d6c67ed3bf0fd" score = 75 quality = 90 
@@ -42426,8 +42741,8 @@ rule REVERSINGLABS_Win32_Ransomware_Shadowcryptor : TC_DETECTION MALICIOUS MALWA date = "2021-02-11" modified = "2021-02-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.ShadowCryptor.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.ShadowCryptor.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "875150db9fc36cd992988bba7d0c05487418b901980bf428ebd427c82fbcacd7" score = 75 quality = 90 @@ -42508,8 +42823,8 @@ rule REVERSINGLABS_Win32_Ransomware_Satana : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Satana.yara#L1-L123" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Satana.yara#L1-L123" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5deb6ac2e8b64fb6f7af8c41a9b9e695668ca66c96c65f0c7350b11cd4ae0c50" score = 75 quality = 90 
@@ -42623,8 +42938,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Cobralocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara#L1-L59" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Bytecode.MSIL.Ransomware.CobraLocker.yara#L1-L59" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "95f4c645c7c237d23b5028f824f78a5f9f8f0a4737b391d877582afe08264d7e" score = 75 quality = 90 @@ -42680,8 +42995,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lechiffre : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.LeChiffre.yara#L1-L123" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.LeChiffre.yara#L1-L123" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0b96f5f48700f2cba22da91187b3111946074e9cc58a502f25d7b96059a043cb" score = 75 quality = 90 
@@ -42803,8 +43118,8 @@ rule REVERSINGLABS_Win64_Ransomware_Awesomescott : TC_DETECTION MALICIOUS MALWAR date = "2020-09-16" modified = "2020-09-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.AwesomeScott.yara#L1-L101" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.AwesomeScott.yara#L1-L101" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ed8096a4abbd015f79f4ec7239cd4070194ad70fa03da6714e499a41f9fb9423" score = 75 quality = 90 @@ -42906,8 +43221,8 @@ rule REVERSINGLABS_Win32_Ransomware_Denizkizi : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DenizKizi.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DenizKizi.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fbeb01263d6f68141e094ba8fb1c1a54c601ab24292f5c6b0eb8cb0c49f46afc" score = 75 quality = 90 
@@ -42988,8 +43303,8 @@ rule REVERSINGLABS_Win64_Ransomware_Seth : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-04-02" modified = "2021-04-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Seth.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Seth.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "72a9d902eea2381f40d42faa7f1686c4ca54d364af0cbd8711697bbc1a235646" score = 75 quality = 90 @@ -43102,8 +43417,8 @@ rule REVERSINGLABS_Win32_Ransomware_Winword64 : TC_DETECTION MALICIOUS MALWARE F date = "2021-02-11" modified = "2021-02-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.WinWord64.yara#L1-L215" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.WinWord64.yara#L1-L215" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "73d8c4f1b3bed365320b26332f1f1b49404d8e6536f3e25042f5f64e5bc09bd4" score = 75 quality = 90 
@@ -43304,8 +43619,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Goodwill : TC_DETECTION MALICIOUS MA date = "2022-06-28" modified = "2022-06-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara#L1-L89" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.GoodWill.yara#L1-L89" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "94e2950f415ba737fe5ca9d32a3d850dd5744e547c4ca094ad28545e19033cb2" score = 75 quality = 90 @@ -43382,8 +43697,8 @@ rule REVERSINGLABS_Win32_Ransomware_Kovter : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Kovter.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Kovter.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3082e036b54a73ce8397cfa6e8dc2a807c587d9f17286e75af6cdbe622fae1e1" score = 75 quality = 90 
@@ -43524,8 +43839,8 @@ rule REVERSINGLABS_Win32_Ransomware_Mountlocker : TC_DETECTION MALICIOUS MALWARE date = "2021-03-25" modified = "2021-03-25" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.MountLocker.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.MountLocker.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d203217c229d54802e96e19dc66d38ecb0443d19e0492efe337df471a99559dc" score = 75 quality = 90 @@ -43606,8 +43921,8 @@ rule REVERSINGLABS_Win32_Ransomware_Howareyou : TC_DETECTION MALICIOUS MALWARE F date = "2021-06-14" modified = "2021-06-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.HowAreYou.yara#L1-L205" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.HowAreYou.yara#L1-L205" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "90568365aac61d120886f9efa9822ccc23df79a1a55e522c81db6e77477c4f04" score = 75 quality = 90 
@@ -43798,8 +44113,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zoldon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Zoldon.yara#L1-L107" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Zoldon.yara#L1-L107" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4821b8506e7ba00987978f2744da1c532e03d73f3275cb15e39cdf87f6018223" score = 75 quality = 90 @@ -43897,8 +44212,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bkransomware : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BKRansomware.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BKRansomware.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3118098f05a13bd161af0cb1ec322878b371ff70b9f3815a04115a214c0965a2" score = 75 quality = 90 
@@ -43973,8 +44288,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptofortress : TC_DETECTION MALICIOUS MALW date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.CryptoFortress.yara#L1-L162" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.CryptoFortress.yara#L1-L162" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "474893b63523de5ff9eb8a0c91b0677b99ce65056af7f5d02a73e43fa65453c9" score = 75 quality = 90 @@ -44121,8 +44436,8 @@ rule REVERSINGLABS_Linux_Ransomware_Kraken : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Kraken.yara#L1-L151" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Kraken.yara#L1-L151" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4a3867aba4dbdce5d008331a3058f57b00db246975fc4d77b79ab49d5f0bbb15" score = 75 quality = 90 
@@ -44260,8 +44575,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dualshot : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-20" modified = "2020-11-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Dualshot.yara#L1-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Dualshot.yara#L1-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a401369357901f42ad83227b025d3b14b3acd1f50705da82afbe8e4f85501919" score = 75 quality = 90 @@ -44364,8 +44679,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Hog : TC_DETECTION MALICIOUS MALWARE date = "2021-10-12" modified = "2021-10-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Hog.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Hog.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c5cbc79fee9083ed3befa6b0d348f2d38064bb9012b8f0ca11afd7137243866d" score = 75 quality = 90 
@@ -44427,8 +44742,8 @@ rule REVERSINGLABS_Win32_Ransomware_5Ss5C : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.5ss5c.yara#L1-L267" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.5ss5c.yara#L1-L267" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "74fcec568906a01dade7091c63cffbe4afa49c4705d9c1f21d10b4eee655a805" score = 75 quality = 90 @@ -44677,8 +44992,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ouroboros : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ouroboros.yara#L1-L175" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ouroboros.yara#L1-L175" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b573f303318452010ff46f21a02b6290820f9a27bf4c51b72f6ed15263b5f433" score = 75 quality = 90 
@@ -44833,12 +45148,12 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE description = "Yara rule that detects Oct ransomware." author = "ReversingLabs" id = "e811a0ba-52df-5e88-ab71-df91d5cb584a" - date = "2025-10-02" - date = "2025-10-02" + date = "2025-10-04" + date = "2025-10-04" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3973794d6bf26eaa752cfc70a217c059a190c63a0dd92b06de7c0893d92d9e88" score = 75 quality = 90 @@ -44898,8 +45213,8 @@ rule REVERSINGLABS_Win32_Ransomware_Mafia : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Mafia.yara#L1-L142" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Mafia.yara#L1-L142" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5c17b799f0b4f1f8f72a2e4203a6606f7783ceec2034694f8a21ff65e5afdb26" score = 75 quality = 90 
@@ -45030,8 +45345,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wastedlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-12-07" modified = "2020-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Wastedlocker.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Wastedlocker.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0899d3cc3bcea8eae60689a54f34e57bdc52088c879c8420b8e6d0b1969cb186" score = 75 quality = 90 @@ -45112,8 +45427,8 @@ rule REVERSINGLABS_Linux_Ransomware_Redalert : TC_DETECTION MALICIOUS MALWARE FI date = "2022-09-01" modified = "2022-09-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Linux.Ransomware.RedAlert.yara#L1-L146" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Linux.Ransomware.RedAlert.yara#L1-L146" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fe0d10c2ef1dacdb5374f319e470274b91f4f171db49de8c89e8aaa9aa75a45c" score = 75 quality = 90 
@@ -45246,8 +45561,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jamper : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Jamper.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Jamper.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "826f8fa7cc92b279c609a9ab6a87c32940e37b4c2476854af75bbed29cb3eaf2" score = 75 quality = 90 @@ -45349,8 +45664,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Janelle : TC_DETECTION MALICIOUS MAL date = "2021-12-16" modified = "2021-12-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Janelle.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Janelle.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "49f1eac82930606183ab9cf1d5c6c42534d58735876134793e9712e78eb5a4c7" score = 75 quality = 90 
@@ -45438,8 +45753,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Invert : TC_DETECTION MALICIOUS MALW date = "2021-11-11" modified = "2021-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Invert.yara#L1-L66" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Invert.yara#L1-L66" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1608b8bbfc03b18a79752e60f211da7d7703862bc06b2ddf094074ae5efd0d14" score = 75 quality = 90 @@ -45498,8 +45813,8 @@ rule REVERSINGLABS_Win32_Ransomware_Techandstrat : TC_DETECTION MALICIOUS MALWAR date = "2021-05-17" modified = "2021-05-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.TechandStrat.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.TechandStrat.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "80e201cf91adeee100e05af3ba5227fc61968bb6e0ce602107ba1217a7a62856" score = 75 quality = 90 
@@ -45595,8 +45910,8 @@ rule REVERSINGLABS_Win32_Ransomware_MZP : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.MZP.yara#L1-L147" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.MZP.yara#L1-L147" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "724ae1033bfb8ff494b30e6b3333e6c848375f1b001b75e71c9444c9f9f31251" score = 75 quality = 90 @@ -45726,8 +46041,8 @@ rule REVERSINGLABS_Win32_Ransomware_Darkside : TC_DETECTION MALICIOUS MALWARE FI date = "2021-05-17" modified = "2021-05-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DarkSide.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DarkSide.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "128af9a1b143e4b0928dd2b243e69497be906175f44815cc5703f17cce48ec9d" score = 75 quality = 90 
@@ -45810,8 +46125,8 @@ rule REVERSINGLABS_Win64_Ransomware_Ako : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Ako.yara#L1-L173" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Ako.yara#L1-L173" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8321a4ace66ae48e3a6896daf02c184fa7767fa6bd10cd83b322ad01698008cf" score = 75 quality = 90 @@ -45973,8 +46288,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blitzkrieg : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara#L1-L127" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Blitzkrieg.yara#L1-L127" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "22dd16c886a1982186fe927e633be9951da7d7e664e877e11fa976696b2bc86f" score = 75 quality = 90 
@@ -46090,8 +46405,8 @@ rule REVERSINGLABS_Win32_Ransomware_Buran : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Buran.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Buran.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5606e0acecd99ccf2feaa995353211302903a09bb2c4ec65903566215e2d5ca4" score = 75 quality = 90 @@ -46174,8 +46489,8 @@ rule REVERSINGLABS_Win32_Ransomware_Armage : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Armage.yara#L1-L128" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Armage.yara#L1-L128" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aa8ddcbb0fdcad15e603e000db1d4f86eae7d42efce1c1d21dc3dd57ee9f4319" score = 75 quality = 90 
@@ -46293,8 +46608,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Retis : TC_DETECTION MALICIOUS MALWA date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Retis.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Retis.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3e3429041acc5730b009916efbcd35c7cfd2b2877dc1d2cf980f7fb7d399d532" score = 75 quality = 90 @@ -46364,8 +46679,8 @@ rule REVERSINGLABS_Win32_Ransomware_Chichi : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-02-14" modified = "2022-02-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.ChiChi.yara#L1-L66" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.ChiChi.yara#L1-L66" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "863a30e4c708e13ea0f4c6ad42a919de463926508783d6552c0cec746730baa5" score = 75 quality = 90 
@@ -46424,8 +46739,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Thanos : TC_DETECTION MALICIOUS MALW date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Thanos.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Thanos.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f6bc0c2188a04d2fb2a82a6b6d6cdf7763c32047bec725fe07f01415edf0b4cd" score = 75 quality = 90 @@ -46522,8 +46837,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Policerecords : TC_DETECTION MALICIO date = "2022-08-02" modified = "2022-08-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.PoliceRecords.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "55cb1a5d030c47abb1a9ca9970fb19b3124128e409bc9515c173c33b2bb49a16" score = 75 quality = 90 
@@ -46591,8 +46906,8 @@ rule REVERSINGLABS_Win64_Ransomware_Whiteblackcrypt : TC_DETECTION MALICIOUS MAL date = "2021-07-05" modified = "2021-07-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.WhiteBlackCrypt.yara#L1-L91" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.WhiteBlackCrypt.yara#L1-L91" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "37b95cc3412f2f2d02d19c4c15b529c4f67453cb195627b5bab2f353e7602354" score = 75 quality = 90 @@ -46675,8 +46990,8 @@ rule REVERSINGLABS_Win32_Ransomware_Notpetya : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.NotPetya.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.NotPetya.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "328f0e527fee2145879ee13c003d375db832f7f3eacf7a1eb303393c1c8b5a36" score = 75 quality = 90 
@@ -46749,8 +47064,8 @@ rule REVERSINGLABS_Win32_Ransomware_Pay2Key : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-04-14" modified = "2021-04-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Pay2Key.yara#L1-L99" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Pay2Key.yara#L1-L99" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2497504f3afc99523cb29e51652a24f4374316d57d4baf5cde8d22e75a425585" score = 75 quality = 90 @@ -46840,8 +47155,8 @@ rule REVERSINGLABS_Win32_Ransomware_Retmydata : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.RetMyData.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.RetMyData.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "54ce38d75e9ab82a77b9c338f75e180e19ac745f149289c7478a4aa3b44d70fd" score = 75 quality = 90 
@@ -46913,8 +47228,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dragon : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-30" modified = "2020-10-30" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Dragon.yara#L1-L149" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Dragon.yara#L1-L149" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7298c5681deaf04abb6a656cefc09b5ee4096ff7a5028caab1d7b107e97be90a" score = 75 quality = 90 @@ -47049,8 +47364,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bluelocker : TC_DETECTION MALICIOUS MALWARE date = "2022-08-04" modified = "2022-08-04" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BlueLocker.yara#L1-L130" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BlueLocker.yara#L1-L130" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fbe5f246f4554e63b5da6a0aca169e8221a84fce18fd437ae7ad9b068e9ca576" score = 75 quality = 90 
@@ -47170,8 +47485,8 @@ rule REVERSINGLABS_Win32_Ransomware_Wasplocker : TC_DETECTION MALICIOUS MALWARE date = "2022-06-28" modified = "2022-06-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.WaspLocker.yara#L1-L76" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.WaspLocker.yara#L1-L76" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "852ec52328fca36d651e3176ac33a57ce26cefecadc2aad27235548e5b9813c1" score = 75 quality = 90 @@ -47240,8 +47555,8 @@ rule REVERSINGLABS_Win32_Ransomware_Braincrypt : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BrainCrypt.yara#L1-L121" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BrainCrypt.yara#L1-L121" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "85866d6ffa136bf3ed27bbab55ae5430af4a1363930ebacab0df9ad24f8734cb" score = 75 quality = 90 
@@ -47360,8 +47675,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jormungand : TC_DETECTION MALICIOUS MALWARE date = "2021-10-22" modified = "2021-10-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Jormungand.yara#L1-L135" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Jormungand.yara#L1-L135" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "049eb4533b37d8d72e50dd1e803a897758386643770d47b3e7690f58e44d5236" score = 75 quality = 90 @@ -47483,8 +47798,8 @@ rule REVERSINGLABS_Win32_Ransomware_Infodot : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-02-16" modified = "2021-02-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.InfoDot.yara#L1-L115" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.InfoDot.yara#L1-L115" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24a1c25c1d70c21323417ae0892c613361c4bfc829737ef86b6fa7616ae668c6" score = 75 quality = 90 
@@ -47594,8 +47909,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bitcrypt : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BitCrypt.yara#L3-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BitCrypt.yara#L3-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "66cfe16a182e7f20d6358be9569ada5e6c36c94d44781d8c741638e1b174d44e" score = 75 quality = 90 @@ -47701,8 +48016,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sherminator : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sherminator.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sherminator.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "22ac61b95f6ca4530e81a23fdd05be93e368647ca7100097a94eae3c6ce3b7d1" score = 75 quality = 90 
@@ -47847,8 +48162,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dearcry : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-03-12" modified = "2021-03-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DearCry.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DearCry.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "40dde232255018e1bc0aadf2378a7a86a99327d13dda58d8ffc5bb38e164de26" score = 75 quality = 90 @@ -47939,8 +48254,8 @@ rule REVERSINGLABS_Win32_Ransomware_Clop : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Clop.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Clop.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0b63db16a4b1cae27a97d0ff9df692a63f1a11120ffac69c05a5c71fbd224007" score = 75 quality = 90 
@@ -48040,8 +48355,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Zerolocker : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara#L1-L70" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.ZeroLocker.yara#L1-L70" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "147e4b390bcfaff8f05059c1d9a98b50f544fc32e820406417894fe5046e0f71" score = 75 quality = 90 @@ -48113,8 +48428,8 @@ rule REVERSINGLABS_Win32_Ransomware_Motocos : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-09-17" modified = "2021-09-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Motocos.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Motocos.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "34b99847f029a291808f08ba6e6ae62a54e6fed5acc928fe4828054801786881" score = 75 quality = 90 
@@ -48182,8 +48497,8 @@ rule REVERSINGLABS_Win32_Ransomware_Monalisa : TC_DETECTION MALICIOUS MALWARE FI date = "2022-05-13" modified = "2022-05-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Monalisa.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Monalisa.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0bcb79dff111ec05ac93bbe9a777546bd6234dc60d9f6982c03cd0bc3b26b038" score = 75 quality = 90 @@ -48255,8 +48570,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nanolocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.NanoLocker.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.NanoLocker.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7fdb021f22d97bf8a00fd856ef913695a0d6fbaad1138b5a5cc2cc8768b130be" score = 75 quality = 90 
@@ -48335,8 +48650,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vhdlocker : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.VHDLocker.yara#L1-L152" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.VHDLocker.yara#L1-L152" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "39d1fbfc79d5ea866498bb1e40d2290469df774ce65b1da04a85c0e4e5b4493c" score = 75 quality = 90 @@ -48477,8 +48792,8 @@ rule REVERSINGLABS_Win32_Ransomware_FCT : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.FCT.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.FCT.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b158ad56c92a926f7398a27b3576c259e39c9716ef192fa5944ce3cffdc6d7d0" score = 75 quality = 90 
@@ -48559,8 +48874,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dmalocker : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DMALocker.yara#L1-L149" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DMALocker.yara#L1-L149" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "107dbc4cacd9d451e9c6fe8aa91cd612f70ac767ee70f74f3a77d1e5548b054f" score = 75 quality = 90 @@ -48700,8 +49015,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dogecrypt : TC_DETECTION MALICIOUS MALWARE F date = "2021-04-28" modified = "2021-04-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DogeCrypt.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DogeCrypt.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1c19862884cf1e59d12c84f5ff6f799a4087ddc8bd887e0d2ce7da053642b851" score = 75 quality = 90 
@@ -48807,8 +49122,8 @@ rule REVERSINGLABS_Win32_Ransomware_Antefrigus : TC_DETECTION MALICIOUS MALWARE date = "2021-03-05" modified = "2021-03-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.AnteFrigus.yara#L1-L210" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.AnteFrigus.yara#L1-L210" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b84c01da0ee97a4eb8bf099c71094f994feb4c7185ad75b8b2ccda5eee283a92" score = 75 quality = 90 @@ -49004,8 +49319,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gpcode : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Gpcode.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Gpcode.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "329309873977f73a8ebe758018ebc8ba42e15c3c7cbb9a65865631d235f5bb48" score = 75 quality = 90 
@@ -49070,8 +49385,8 @@ rule REVERSINGLABS_Win32_Ransomware_Archiveus : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Archiveus.yara#L3-L50" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Archiveus.yara#L3-L50" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2b8a42b98ab3e8b97d2e226e979f342a6a72f21d8f068f59c21ad95764077f8a" score = 75 quality = 90 @@ -49119,8 +49434,8 @@ rule REVERSINGLABS_Win32_Ransomware_Marlboro : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-23" modified = "2020-07-23" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Marlboro.yara#L1-L117" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Marlboro.yara#L1-L117" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d36c3cf52af47e9f638f58aabc19298e8c58831c3083f82e4c194319503eeaaa" score = 75 quality = 90 
@@ -49231,8 +49546,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sifreli : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-10-08" modified = "2020-10-08" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sifreli.yara#L1-L119" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sifreli.yara#L1-L119" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "48f6cc678bea81afece0ae203fb27b61e2c6e4f7188a3bd260190f568c9a8a06" score = 75 quality = 90 @@ -49340,8 +49655,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Chupacabra : TC_DETECTION MALICIOUS date = "2021-10-12" modified = "2021-10-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara#L1-L90" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.ChupaCabra.yara#L1-L90" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7f247778e0bd8057670abf42b2d1011ebae891ffcb21ebad50060f9a7986bf93" score = 75 quality = 90 
@@ -49422,8 +49737,8 @@ rule REVERSINGLABS_Win32_Ransomware_Desucrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DesuCrypt.yara#L1-L93" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DesuCrypt.yara#L1-L93" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bd3ba8ea0fc16aad859a73628d0eda180d49298162fe239acf81c7c4e371eaad" score = 75 quality = 90 @@ -49513,8 +49828,8 @@ rule REVERSINGLABS_Win32_Ransomware_DMR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DMR.yara#L1-L214" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DMR.yara#L1-L214" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "55e19f3017c2cc8355c27f9a516e611b58b108f15bfed41b88d5662b55677a59" score = 75 quality = 90 
@@ -49716,8 +50031,8 @@ rule REVERSINGLABS_Win32_Ransomware_Nefilim : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Nefilim.yara#L1-L150" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Nefilim.yara#L1-L150" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fae0350e51aee2777475d2222848b30fd39fa39ceea260132b0c7fbc536b3a86" score = 75 quality = 90 @@ -49852,8 +50167,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cryptobit : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.CryptoBit.yara#L1-L113" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.CryptoBit.yara#L1-L113" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ccc8a0f1c5e11211649992d0f2b309968c97b49f1c7359e62d622f364e117429" score = 75 quality = 90 
@@ -49957,8 +50272,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ragnarlocker : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.RagnarLocker.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.RagnarLocker.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "398f0e5e003f87edf90cdea718be6b10470df317214d00db4dc6c4cccc5b6748" score = 75 quality = 90 @@ -50059,8 +50374,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Apis : TC_DETECTION MALICIOUS MALWAR date = "2021-11-25" modified = "2021-11-25" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Apis.yara#L1-L75" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Apis.yara#L1-L75" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0915469884a268f124da348d6a182eb4a0f69063d4041b46628794ab011227ef" score = 75 quality = 90 
@@ -50128,8 +50443,8 @@ rule REVERSINGLABS_Win64_Ransomware_DST : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-12-06" modified = "2021-12-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.DST.yara#L1-L170" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.DST.yara#L1-L170" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b658093232a2265d425e3b38758268c116bbac51fa5eed372b5b4f00de4c6880" score = 75 quality = 90 @@ -50287,8 +50602,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransomplus : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.RansomPlus.yara#L1-L95" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.RansomPlus.yara#L1-L95" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8ab18c6bcb939eac0e74f015dea773141b5086c5fcb4783666eeac1f395bc208" score = 75 quality = 90 
@@ -50384,8 +50699,8 @@ rule REVERSINGLABS_Win32_Ransomware_Serpent : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Serpent.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Serpent.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5e1917e8d23a5edc65ac423f3d18cc78c3848bd6c1ccc67d052eb37172857081" score = 75 quality = 90 @@ -50508,8 +50823,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ragnarok : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ragnarok.yara#L1-L110" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ragnarok.yara#L1-L110" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "aaa17ab98b59a5c8c71a2b82a9bf29dd3a1a1719deaf08a3bafa77895bc10311" score = 75 quality = 90 
@@ -50610,8 +50925,8 @@ rule REVERSINGLABS_Win64_Ransomware_Cactus : TC_DETECTION MALICIOUS MALWARE FILE date = "2023-12-15" modified = "2023-12-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Cactus.yara#L1-L190" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Cactus.yara#L1-L190" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2953b67e926cb653df0de208b098da3d5c16e6690842ab28fbf8c37cd16f54d7" score = 75 quality = 90 @@ -50785,8 +51100,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransomexx : TC_DETECTION MALICIOUS MALWARE F date = "2020-11-26" modified = "2020-11-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ransomexx.yara#L1-L147" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ransomexx.yara#L1-L147" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "27b4132b7f16cafc40687e96a552ce59cc24ebf7679575680f170e3beee8a0a9" score = 75 quality = 90 
@@ -50922,8 +51237,8 @@ rule REVERSINGLABS_Win32_Ransomware_Koxic : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-04-21" modified = "2022-04-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Koxic.yara#L1-L87" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Koxic.yara#L1-L87" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "739faf047b95fd538422a42943fcaad6538549bf4cf33ed91385c61365af4f09" score = 75 quality = 90 @@ -51002,8 +51317,8 @@ rule REVERSINGLABS_Win32_Ransomware_Avaddon : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-10-19" modified = "2020-10-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Avaddon.yara#L1-L148" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Avaddon.yara#L1-L148" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1b2c449d5bad02dd06cb4a980fcca1feaf02b1d8127096bb39deecbc544272a6" score = 75 quality = 90 
@@ -51135,8 +51450,8 @@ rule REVERSINGLABS_Win32_Ransomware_PXJ : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.PXJ.yara#L1-L158" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.PXJ.yara#L1-L158" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e88d27dcd7ad3af459bd7e34fcc827822365441446b0e4e7bbec399c9a948cb7" score = 75 quality = 90 @@ -51283,8 +51598,8 @@ rule REVERSINGLABS_Win32_Ransomware_Gpgqwerty : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.GPGQwerty.yara#L1-L83" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.GPGQwerty.yara#L1-L83" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e59adadd66b4d242ac7337ce4b3c3ec6c60724f4cf5b86305f1e31b88745928c" score = 75 quality = 90 
@@ -51363,8 +51678,8 @@ rule REVERSINGLABS_Win32_Ransomware_Badbeeteam : TC_DETECTION MALICIOUS MALWARE date = "2020-11-13" modified = "2020-11-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Badbeeteam.yara#L1-L137" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Badbeeteam.yara#L1-L137" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9b5367655c7c70958332d31524833d96d03027aab693393b19f478a80482abd0" score = 75 quality = 90 @@ -51491,8 +51806,8 @@ rule REVERSINGLABS_Win32_Ransomware_HDMR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.HDMR.yara#L1-L161" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.HDMR.yara#L1-L161" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "035c6596db8dc14a663679c1f7e682b85963927cc034b01e390cc22fdee3334a" score = 75 quality = 90 
@@ -51641,8 +51956,8 @@ rule REVERSINGLABS_Win32_Ransomware_Farattack : TC_DETECTION MALICIOUS MALWARE F date = "2022-06-21" modified = "2022-06-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.FarAttack.yara#L1-L93" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.FarAttack.yara#L1-L93" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "af22b8110c2b545f083b443c7a1fa7e7639324e9188eefadfe1fe70ebb1bb7fb" score = 75 quality = 90 @@ -51727,8 +52042,8 @@ rule REVERSINGLABS_Win64_Ransomware_Hermeticransom : TC_DETECTION MALICIOUS MALW date = "2022-05-13" modified = "2022-05-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.HermeticRansom.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.HermeticRansom.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "123d569a9d9b9d855b3baafd6194f102d82a594fd7a2bba073843a8654a317cb" score = 75 quality = 90 
@@ -51825,8 +52140,8 @@ rule REVERSINGLABS_Win64_Ransomware_Solaso : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-11-02" modified = "2021-11-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Solaso.yara#L1-L171" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Solaso.yara#L1-L171" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "368a80a9f2e264d17c61d6ed4c22baec838ba0b0bc2e5c79344830bf861aa5a2" score = 75 quality = 90 @@ -51987,8 +52302,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sepsis : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sepsis.yara#L1-L126" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sepsis.yara#L1-L126" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "171ad074a780b45195c6e02b111b3883c58a4028e635c4d6b8ce27c5e05e35d7" score = 75 quality = 90 
@@ -52104,8 +52419,8 @@ rule REVERSINGLABS_Win32_Ransomware_Guscrypter : TC_DETECTION MALICIOUS MALWARE date = "2020-11-26" modified = "2020-11-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.GusCrypter.yara#L1-L129" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.GusCrypter.yara#L1-L129" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cfe6005028c0e5f5d713af2a549574203678bab2ee48acc1727702bcf91522b1" score = 75 quality = 90 @@ -52224,8 +52539,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Venom : TC_DETECTION MALICIOUS MALWA date = "2022-06-06" modified = "2022-06-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Venom.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Venom.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "5817ece6a1cc304835f7fc243c4cfdc3c7cacd2251a9ac294a6662b58d2552e8" score = 75 quality = 90 
@@ -52286,8 +52601,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Cring : TC_DETECTION MALICIOUS MALWA date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Cring.yara#L1-L66" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Cring.yara#L1-L66" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "05cf60ad39c9dcc592345f13b63c99b153b9253297a8ad9e52e0439081d8c796" score = 75 quality = 90 @@ -52349,8 +52664,8 @@ rule REVERSINGLABS_Win32_Ransomware_Henry : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-06-14" modified = "2021-06-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Henry.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Henry.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "e6ab2a8a344d40407118e29ff78f5a0144f42a0fbdee19a80b341b59f056d292" score = 75 quality = 90 
@@ -52419,8 +52734,8 @@ rule REVERSINGLABS_Win32_Ransomware_Teslacrypt : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Teslacrypt.yara#L1-L665" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Teslacrypt.yara#L1-L665" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "cc054be68d833d9f29a4ebd1c202922881b0d22a2605edc7def1048dc08f6325" score = 75 quality = 65 @@ -53012,8 +53327,8 @@ rule REVERSINGLABS_Win32_Ransomware_Cuba : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Cuba.yara#L1-L126" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Cuba.yara#L1-L126" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "0a8dea6e38a6407897b994ea119bc8b0712a94363b7b3942dcd32c65ee5548d4" score = 75 quality = 90 
@@ -53130,8 +53445,8 @@ rule REVERSINGLABS_Win32_Ransomware_Regretlocker : TC_DETECTION MALICIOUS MALWAR date = "2021-04-02" modified = "2021-04-02" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.RegretLocker.yara#L1-L206" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.RegretLocker.yara#L1-L206" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3927dfecacd74f60a169f82b68df5747daa90eaba77f24c5e730ce4c48d426a3" score = 75 quality = 90 @@ -53324,8 +53639,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Ghostencryptor : TC_DETECTION MALICI date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.GhosTEncryptor.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "85c1f6e5acf746388b0a9ddeb1f0ad1d2219fff7358c9a981849863155c13e3c" score = 75 quality = 90 
@@ -53386,8 +53701,8 @@ rule REVERSINGLABS_Win32_Ransomware_Petya : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Petya.yara#L3-L58" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Petya.yara#L3-L58" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d2adafcb21b627d614eab79e64e2b96ad09fae796d0670452a19490d8781ce99" score = 75 quality = 90 @@ -53443,8 +53758,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackcat : TC_DETECTION MALICIOUS MALWARE FI date = "2022-02-14" modified = "2022-02-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BlackCat.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BlackCat.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24932baa625aedd14b5776ba3209c9ee330e84538c5267eeb5e09e352f655835" score = 75 quality = 90 
@@ -53540,8 +53855,8 @@ rule REVERSINGLABS_Win32_Ransomware_Conti : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-12-14" modified = "2020-12-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Conti.yara#L1-L74" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Conti.yara#L1-L74" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4f2b96c8eaf8d112a7bb60647db49616935a336396c705d39d5bb51dfd90c60b" score = 75 quality = 90 @@ -53611,8 +53926,8 @@ rule REVERSINGLABS_Win32_Ransomware_FLKR : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.FLKR.yara#L1-L71" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.FLKR.yara#L1-L71" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4ab00ba82baceec9899556d3a774ec08c83c10930cec194e18e3b4e16ebacb58" score = 75 quality = 90 
@@ -53685,8 +54000,8 @@ rule REVERSINGLABS_Win32_Ransomware_Rokku : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Rokku.yara#L1-L147" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Rokku.yara#L1-L147" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fefb342f8a9afac3b40c343b830f334225ff4198d55504846aa855acf5dfc9ba" score = 75 quality = 90 @@ -53823,8 +54138,8 @@ rule REVERSINGLABS_Win32_Ransomware_Juicylemon : TC_DETECTION MALICIOUS MALWARE date = "2020-08-17" modified = "2020-08-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.JuicyLemon.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.JuicyLemon.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "596d89843793307f4940dbb85b2e7081f02250f6adfdcd01f2d3c5f2b8b90875" score = 75 quality = 90 
@@ -53942,8 +54257,8 @@ rule REVERSINGLABS_Win64_Ransomware_Warlock : TC_DETECTION MALICIOUS MALWARE FIL date = "2025-09-22" modified = "2025-09-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Warlock.yara#L1-L162" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Warlock.yara#L1-L162" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c0cf1491dba387c5b50ab9adfb2af978aacab19b13fbef78757544ad3a7f2475" score = 75 quality = 90 @@ -54091,8 +54406,8 @@ rule REVERSINGLABS_Win32_Ransomware_Revil : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Revil.yara#L1-L101" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Revil.yara#L1-L101" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "24a79477eb797d7a7121d1248ebbece833ccd256de55729ff96084135ce8d426" score = 75 quality = 90 
@@ -54182,8 +54497,8 @@ rule REVERSINGLABS_Win64_Ransomware_Blackbasta : TC_DETECTION MALICIOUS MALWARE date = "2022-12-13" modified = "2022-12-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.BlackBasta.yara#L1-L293" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.BlackBasta.yara#L1-L293" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "79c81a4470e9eabbd714b1a91621c7b2bbe42d5371ba2c799529662d5f5c479a" score = 75 quality = 90 @@ -54429,8 +54744,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sage : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sage.yara#L1-L77" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sage.yara#L1-L77" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "69079b7176050096cdbaaaff30dd0359366b3a6a74e8bc17db348794388f71ba" score = 75 quality = 90 
@@ -54500,8 +54815,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Moisha : TC_DETECTION MALICIOUS MALW date = "2022-10-11" modified = "2022-10-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Moisha.yara#L1-L86" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Moisha.yara#L1-L86" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "89cefbbb8ec722216721bb43eb14cc33fcd4671585051359a06b62236cbf3a6c" score = 75 quality = 90 @@ -54578,8 +54893,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Wildfire : TC_DETECTION MALICIOUS MA date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.WildFire.yara#L1-L77" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.WildFire.yara#L1-L77" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "d3be2eac7967853aae6e1317d9c22d95a3dc4b3e5bf8acbe97a7bbeabc9eab38" score = 75 quality = 90 
@@ -54657,8 +54972,8 @@ rule REVERSINGLABS_Win32_Ransomware_Maktub : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Maktub.yara#L1-L116" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Maktub.yara#L1-L116" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ee3213213e9521f7d19ce6340cd2f98057c22b1188ceefc30c17c18b6ec54e20" score = 75 quality = 90 @@ -54776,8 +55091,8 @@ rule REVERSINGLABS_Win32_Ransomware_Bandarchor : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BandarChor.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BandarChor.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1c0c33ef7de089fc7ed6b364c7693499d1a93f79a48d6f2a5c375e47aea176bc" score = 75 quality = 90 
@@ -54871,8 +55186,8 @@ rule REVERSINGLABS_Win32_Ransomware_Jemd : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Jemd.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Jemd.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "552e0fc118031e953dee2e7c6bf8234a5a90de8c34b0e2724dfe99f2b28b8c51" score = 75 quality = 90 @@ -54968,8 +55283,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zeoticus : TC_DETECTION MALICIOUS MALWARE FI date = "2021-03-19" modified = "2021-03-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Zeoticus.yara#L1-L90" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Zeoticus.yara#L1-L90" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "adf42b96139ad98f4253f3eba2c4af1be9545825605e0851185cc15284d9e9a0" score = 75 quality = 90 
@@ -55051,8 +55366,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sifrelendi : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sifrelendi.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sifrelendi.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "430d3877c10c86fcb19b5624dd8886d61e54ccd0453678329309b49712c6d5c6" score = 75 quality = 90 @@ -55116,8 +55431,8 @@ rule REVERSINGLABS_Win32_Ransomware_Major : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-01-26" modified = "2021-01-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Major.yara#L1-L261" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Major.yara#L1-L261" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "16fb7763e3806fca6937fef7e8b3d8bccd61cb39549061d359d630c7d266c270" score = 75 quality = 90 
@@ -55363,8 +55678,8 @@ rule REVERSINGLABS_Win32_Ransomware_Killdisk : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.KillDisk.yara#L1-L80" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.KillDisk.yara#L1-L80" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6148e6fc1363ff8995a9100e07139bfa658c72892db4d30a973bad0f2b3e6c3f" score = 75 quality = 90 @@ -55446,8 +55761,8 @@ rule REVERSINGLABS_Win64_Ransomware_Rook : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-01-17" modified = "2022-01-17" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Rook.yara#L1-L122" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Rook.yara#L1-L122" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "dc8b37e55b634de52855dd851dbaaf3e690adfb2e875d0e0c9ef5f4846c6ff30" score = 75 quality = 90 
@@ -55556,8 +55871,8 @@ rule REVERSINGLABS_Win32_Ransomware_Hentaioniichan : TC_DETECTION MALICIOUS MALW date = "2021-03-05" modified = "2021-03-05" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.HentaiOniichan.yara#L1-L140" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.HentaiOniichan.yara#L1-L140" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "153526e5a2f05bc8e3f77d83eefce6b4cd962ea093b6f1c0ab8fcabe8d8a7ad9" score = 75 quality = 90 @@ -55684,8 +55999,8 @@ rule REVERSINGLABS_Win32_Ransomware_Horsedeal : TC_DETECTION MALICIOUS MALWARE F date = "2020-10-01" modified = "2020-10-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Horsedeal.yara#L1-L106" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Horsedeal.yara#L1-L106" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "fa8c425b08606399b5dc7673f3898e3dba7efb6a62e56db8f500cf5072bb590b" score = 75 quality = 90 
@@ -55779,8 +56094,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Khonsari : TC_DETECTION MALICIOUS MA date = "2022-01-27" modified = "2022-01-27" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara#L1-L68" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Khonsari.yara#L1-L68" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f1003b7863215bcd8e5cdce8ce40551105fb668ea2b8ac765909f9fa5373e6ca" score = 75 quality = 90 @@ -55841,8 +56156,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Tarrak : TC_DETECTION MALICIOUS MALW date = "2021-09-06" modified = "2021-09-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara#L1-L96" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.TaRRaK.yara#L1-L96" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a8c4c4a501d94da94ae4a2e1eb2846e841249659be64dd45f46584885d000635" score = 75 quality = 90 
@@ -55923,8 +56238,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ryuk : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ryuk.yara#L1-L199" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ryuk.yara#L1-L199" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "bf93892b281be20917656e242cbb0f3b3694439556b7e5e40a424ba1aa909105" score = 75 quality = 90 @@ -56110,8 +56425,8 @@ rule REVERSINGLABS_Linux_Ransomware_Helldown : TC_DETECTION MALICIOUS MALWARE FI date = "2025-01-20" modified = "2025-01-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Linux.Ransomware.Helldown.yara#L1-L127" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Linux.Ransomware.Helldown.yara#L1-L127" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b5572f537c87d113886d79768cfe89e46c00063333de612a4547c9a80f5826e1" score = 75 quality = 90 
@@ -56226,8 +56541,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dirtydecrypt : TC_DETECTION MALICIOUS MALWAR date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara#L3-L112" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.DirtyDecrypt.yara#L3-L112" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "eb6a1c376b0739848b523e741d0d1ebdbc87056d51931fb94c744aa094d6479f" score = 75 quality = 90 @@ -56332,8 +56647,8 @@ rule REVERSINGLABS_Win32_Ransomware_Knot : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-03-19" modified = "2021-03-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Knot.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Knot.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a7a3e13139d68314e583ec225a5d56373a551e67d46984dcf9a228a1f7275f14" score = 75 quality = 90 
@@ -56442,8 +56757,8 @@ rule REVERSINGLABS_Win32_Ransomware_Reveton : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Reveton.yara#L1-L118" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Reveton.yara#L1-L118" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "2d316c558cdb5591788ef89c6e20327882a118f2928f4a31fb5b8b3083931ac5" score = 75 quality = 90 @@ -56554,8 +56869,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Povlsomware : TC_DETECTION MALICIOUS date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara#L1-L64" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Povlsomware.yara#L1-L64" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "465dc1b1d7e9eb3091f36efb51029cd3383d05ece054e814b18f379e58c7e457" score = 75 quality = 90 
@@ -56609,12 +56924,12 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Oni ransomware." author = "ReversingLabs" id = "9190aee2-1119-546e-82ca-a7aba44a9d7f" - date = "2025-11-02" - date = "2025-11-02" + date = "2025-11-04" + date = "2025-11-04" modified = "2020-12-07" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "685abf5a5edba5bae19faaf6521ce617370cdab1404fe84d846e82a60182dfff" score = 75 quality = 90 @@ -56688,8 +57003,8 @@ rule REVERSINGLABS_Win32_Ransomware_Vegalocker : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.VegaLocker.yara#L1-L100" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.VegaLocker.yara#L1-L100" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8616e72fc435676179e83a304d4111c8f29ebf3cd79ff5b2d229cca8fc97c2a3" score = 75 quality = 90 
@@ -56784,8 +57099,8 @@ rule REVERSINGLABS_Win32_Ransomware_IFN643 : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.IFN643.yara#L1-L90" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.IFN643.yara#L1-L90" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ced234018f1f05601dd3be55eaecd2a1e116ad0b7bb9e0292434f11f19916ebe" score = 75 quality = 90 @@ -56876,8 +57191,8 @@ rule REVERSINGLABS_Win32_Ransomware_Balaclava : TC_DETECTION MALICIOUS MALWARE F date = "2020-10-01" modified = "2020-10-01" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Balaclava.yara#L1-L113" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Balaclava.yara#L1-L113" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "01b43e6ea7ceebdbdda7e1f7c5bd2439a460b8aed4a1837755fa3679e9893ff3" score = 75 quality = 90 
@@ -56981,8 +57296,8 @@ rule REVERSINGLABS_Win32_Ransomware_Teslarvng : TC_DETECTION MALICIOUS MALWARE F date = "2020-12-14" modified = "2020-12-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Teslarvng.yara#L1-L137" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Teslarvng.yara#L1-L137" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "670621aa196a80fbb694e4b1690d7da60e881c5b826133939e61cd6c2406ea98" score = 75 quality = 90 @@ -57109,8 +57424,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Dusk : TC_DETECTION MALICIOUS MALWAR date = "2021-08-12" modified = "2021-08-12" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Dusk.yara#L1-L73" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Dusk.yara#L1-L73" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "b6b0b3be7c17115dc5f225a13228f8a4811d84ae095c3ceba2d89f569f2d40c7" score = 75 quality = 90 
@@ -57175,8 +57490,8 @@ rule REVERSINGLABS_Win32_Ransomware_Garrantydecrypt : TC_DETECTION MALICIOUS MAL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara#L1-L79" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.GarrantyDecrypt.yara#L1-L79" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7194c1e0e15a89f2c691a7d586b9db68295cc52a5f042d0f7eb558c326430444" score = 75 quality = 90 @@ -57257,8 +57572,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Ghostbin : TC_DETECTION MALICIOUS MA date = "2021-09-06" modified = "2021-09-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara#L1-L61" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/ByteCode.MSIL.Ransomware.Ghostbin.yara#L1-L61" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "3881e1c83ac2a31fdd8a081d3e6e6ea759771dbc183c3af9528930619bcddf9e" score = 75 quality = 90 
@@ -57312,8 +57627,8 @@ rule REVERSINGLABS_Win32_Ransomware_Delphimorix : TC_DETECTION MALICIOUS MALWARE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Delphimorix.yara#L1-L67" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Delphimorix.yara#L1-L67" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6d401d488d57b2d75e93a1dfd47ece687a5791d1f0a52768300f4af8a8787212" score = 75 quality = 90 @@ -57376,8 +57691,8 @@ rule REVERSINGLABS_Win32_Ransomware_Encoded01 : TC_DETECTION MALICIOUS MALWARE F date = "2021-12-16" modified = "2021-12-16" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Encoded01.yara#L1-L141" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Encoded01.yara#L1-L141" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "f6f872290f15f4c564911bb099824c47cb13164457e1bcdb02dee441bc2d6b6a" score = 75 quality = 90 
@@ -57505,8 +57820,8 @@ rule REVERSINGLABS_Win32_Ransomware_Saturn : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-10-19" modified = "2020-10-19" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Saturn.yara#L1-L105" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Saturn.yara#L1-L105" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "efa748346ad8c46e654542d302e81d633a2d12f421636c477431a12a34636132" score = 75 quality = 90 @@ -57605,8 +57920,8 @@ rule REVERSINGLABS_Win32_Ransomware_MRAC : TC_DETECTION MALICIOUS MALWARE FILE date = "2022-02-21" modified = "2022-02-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.MRAC.yara#L1-L69" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.MRAC.yara#L1-L69" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "04e8364dc9c726f4bb2d3035e5b7e8dab4cae124b2f047be6f11b865fab557a7" score = 75 quality = 90 
@@ -57668,8 +57983,8 @@ rule REVERSINGLABS_Win32_Ransomware_Tblocker : TC_DETECTION MALICIOUS MALWARE FI date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.TBLocker.yara#L1-L85" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.TBLocker.yara#L1-L85" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "81f0077655ac0e59cd8dc05be602ae500c938668bd57d3cf4a51fbff2a5b6b83" score = 75 quality = 90 @@ -57748,8 +58063,8 @@ rule REVERSINGLABS_Win32_Ransomware_Globeimposter : TC_DETECTION MALICIOUS MALWA date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.GlobeImposter.yara#L1-L171" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.GlobeImposter.yara#L1-L171" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4345a767f270428f3b509fdad5a96bf9b494b190d3a836c4bf53dfd75da5bacb" score = 75 quality = 90 
@@ -57900,8 +58215,8 @@ rule REVERSINGLABS_Win32_Ransomware_Defray : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Defray.yara#L1-L157" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Defray.yara#L1-L157" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "82d883c77f49e50edbc7af05a108d4d54a46dca7661e4d0cd8aeffa19cb8df98" score = 75 quality = 90 @@ -58041,8 +58356,8 @@ rule REVERSINGLABS_Win32_Ransomware_Dharma : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Dharma.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Dharma.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "6f33281523b462aaff68bb04f2f6869c3e6cd60cd9306ed80bb0c3e3b699f315" score = 75 quality = 90 
@@ -58150,8 +58465,8 @@ rule REVERSINGLABS_Win64_Ransomware_Curator : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-04-22" modified = "2021-04-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Curator.yara#L1-L94" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Curator.yara#L1-L94" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "8bd29195cea0f1194e27c48ed07c52100abb7dd3de2ef7f51a645d32c3527eb3" score = 75 quality = 90 @@ -58237,8 +58552,8 @@ rule REVERSINGLABS_Win32_Ransomware_Crypmic : TC_DETECTION MALICIOUS MALWARE FIL date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Crypmic.yara#L1-L56" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Crypmic.yara#L1-L56" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "ee97c4d35cee68e080a4e9e0a21ecd3698da638463881a58f5daaf906ef86f75" score = 75 quality = 90 
@@ -58294,8 +58609,8 @@ rule REVERSINGLABS_Win32_Ransomware_Telecrypt : TC_DETECTION MALICIOUS MALWARE F date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.TeleCrypt.yara#L1-L109" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.TeleCrypt.yara#L1-L109" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "9d856eae4369cd7ba1d88bd6ef37931e069127e2c05a84a44f5274f681e83fc0" score = 75 quality = 90 @@ -58402,8 +58717,8 @@ rule REVERSINGLABS_Win32_Ransomware_Zhen : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-04-28" modified = "2021-04-28" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Zhen.yara#L1-L176" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Zhen.yara#L1-L176" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "17b24e7baeccd90b8695eb8d21d9ee4a317806ed7713252d315d06bee3f93e65" score = 75 quality = 90 
@@ -58567,8 +58882,8 @@ rule REVERSINGLABS_Win32_Ransomware_Flamingo : TC_DETECTION MALICIOUS MALWARE FI date = "2021-04-14" modified = "2021-04-14" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Flamingo.yara#L1-L54" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Flamingo.yara#L1-L54" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "446c0d332af01c0fceb0356d5ab273eb55764869cc8343468b75625e5d4d1036" score = 75 quality = 90 @@ -58619,8 +58934,8 @@ rule REVERSINGLABS_Win32_Ransomware_Avoslocker : TC_DETECTION MALICIOUS MALWARE date = "2021-10-22" modified = "2021-10-22" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.AvosLocker.yara#L1-L108" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.AvosLocker.yara#L1-L108" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "4d81b801a95a54a35989c4a985d92578971568d1412f625bca911d0fa1eee1fe" score = 75 quality = 90 
@@ -58717,8 +59032,8 @@ rule REVERSINGLABS_Win32_Ransomware_Skystars : TC_DETECTION MALICIOUS MALWARE FI date = "2020-11-20" modified = "2020-11-20" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Skystars.yara#L1-L97" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Skystars.yara#L1-L97" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "352d22183b0974908ce684725fe85b4714ac5959c3bddf093b54383195881a5a" score = 75 quality = 90 @@ -58807,8 +59122,8 @@ rule REVERSINGLABS_Win64_Ransomware_Nokoyawa : TC_DETECTION MALICIOUS MALWARE FI date = "2022-06-06" modified = "2022-06-06" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win64.Ransomware.Nokoyawa.yara#L1-L104" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win64.Ransomware.Nokoyawa.yara#L1-L104" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "85b7d93db06007d0043b1489b532410ccc700cf082b641fff8a09de2ffe9101d" score = 75 quality = 90 
@@ -58904,8 +59219,8 @@ rule REVERSINGLABS_Win32_Ransomware_Lockbit : TC_DETECTION MALICIOUS MALWARE FIL date = "2022-03-31" modified = "2022-03-31" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.LockBit.yara#L1-L282" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.LockBit.yara#L1-L282" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "030222bd659c7e0e03858fa062067b1483aca3b7973cce19a1e7cdbb48d4405c" score = 75 quality = 90 @@ -59147,8 +59462,8 @@ rule REVERSINGLABS_Win32_Ransomware_Blackbasta : TC_DETECTION MALICIOUS MALWARE date = "2022-12-13" modified = "2022-12-13" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.BlackBasta.yara#L1-L531" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.BlackBasta.yara#L1-L531" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "c68671e51489af00e9e0cf28373e5ec01bda042653dbcca8843357eede41f27f" score = 75 quality = 88 
@@ -59551,8 +59866,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sanwai : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-11-11" modified = "2021-11-11" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sanwai.yara#L1-L71" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sanwai.yara#L1-L71" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "a7a95b2403fe539dce0d856cc1c04d15440677ea39c0a22e818b42333a64e92c" score = 75 quality = 90 @@ -59616,8 +59931,8 @@ rule REVERSINGLABS_Win32_Ransomware_Ransoc : TC_DETECTION MALICIOUS MALWARE FILE date = "2020-07-15" modified = "2020-07-15" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Ransoc.yara#L1-L114" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Ransoc.yara#L1-L114" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "1f48f1b713c18b099e863d8a11e872ae84df0ea355f01cba765e8333d8d98575" score = 75 quality = 90 
@@ -59732,8 +60047,8 @@ rule REVERSINGLABS_Win32_Ransomware_Sarbloh : TC_DETECTION MALICIOUS MALWARE FIL date = "2021-05-21" modified = "2021-05-21" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Sarbloh.yara#L1-L88" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Sarbloh.yara#L1-L88" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "7259aa9d1fe657db220ee50f1610e6439ff61673d92f46ebc3b8cadd990f002c" score = 75 quality = 90 @@ -59816,8 +60131,8 @@ rule REVERSINGLABS_Win32_Ransomware_Babuk : TC_DETECTION MALICIOUS MALWARE FILE date = "2021-01-26" modified = "2021-01-26" reference = "ReversingLabs" - source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/yara/ransomware/Win32.Ransomware.Babuk.yara#L1-L117" - license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/af35d842f569bd9f726a9a77f947dda7763f87ec/LICENSE" + source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/yara/ransomware/Win32.Ransomware.Babuk.yara#L1-L117" + license_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/e0a0be54aa1e11ccfd6854e4f19e9476f328fd84/LICENSE" logic_hash = "70327b3f9d0b0505ade7ee6de6d7facf56820c7e8477bd172f738f374311144f" score = 75 quality = 90 
@@ -59920,7 +60235,7 @@ rule REVERSINGLABS_Win32_Ransomware_Babuk : TC_DETECTION MALICIOUS MALWARE FILE * YARA Rule Set * Repository Name: R3c0nst * Repository: https://github.com/fboldewin/YARA-rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2 * Number of Rules: 26 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -60679,9 +60994,9 @@ rule R3C0NST_Exploit_Outlook_CVE_2023_23397 : CVE_2023_23397 FILE * YARA Rule Set * Repository Name: CAPE * Repository: https://github.com/kevoreilly/CAPEv2 - * Retrieval Date: 2025-11-02 - * Git Commit: 724bafc14f078ad7a6fb8e5233ef7b58c19a858e - * Number of Rules: 180 + * Retrieval Date: 2025-11-04 + * Git Commit: c75cb937573d6a4f91a4d8f620fda1575ed33f23 + * Number of Rules: 183 * Skipped: 0 (age), 16 (quality), 3 (score), 0 (importance) * * @@ -61362,8 +61677,8 @@ rule CAPE_Formhooka date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Formbook.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Formbook.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "21b8101a7039cfad0e9d49cc1f055bc23a2eb4c973dcda2a81a007e452d77a6d" score = 75 quality = 70 
@@ -61388,8 +61703,8 @@ rule CAPE_Formconfa date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Formbook.yar#L32-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Formbook.yar#L32-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "b0aa4cec55a21245d8104380c531dd6cc0fdef64fbefd79616eadfb4e95b2d75" score = 75 quality = 70 @@ -61413,8 +61728,8 @@ rule CAPE_Formhelper date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Formbook.yar#L46-L58" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Formbook.yar#L46-L58" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "77cdfc94aac089c4f2590f4afbab35351fc6e104e67813548c68c59d27019a63" score = 75 quality = 70 
@@ -61438,8 +61753,8 @@ rule CAPE_Formconfb date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Formbook.yar#L60-L75" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Formbook.yar#L60-L75" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "bb8f54220394420e698b5eac9276c3d0ab03148808cfb9e98feb56437ce2a5a7" score = 75 quality = 70 @@ -61466,8 +61781,8 @@ rule CAPE_Xworm date = "2023-11-07" modified = "2023-11-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/XWorm.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/XWorm.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "d8e103f3470e83d71cd4992b74698c0721b8a69d764fdb7a4543997b2853014a" score = 75 quality = 70 
@@ -61489,8 +61804,8 @@ rule CAPE_Modiloader : FILE date = "2025-01-31" modified = "2025-01-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/ModiLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/ModiLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "1f0cbf841a6bc18d632e0bc3c591266e77c99a7717a15fc4b84d3e936605761f" logic_hash = "9e64e0c40192cc832a1ffa7b3ac65a704596af82515d03706cd7aa1f4498f32f" score = 75 @@ -61514,8 +61829,8 @@ rule CAPE_Modiloaderold : FILE date = "2025-01-31" modified = "2025-01-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/ModiLoader.yar#L15-L53" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/ModiLoader.yar#L15-L53" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4" score = 75 quality = 66 
@@ -61559,8 +61874,8 @@ rule CAPE_Vbcrypter date = "2021-03-28" modified = "2021-03-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "a62bca62ab624ab1a2c2e612c5b7e6d543006026a49c07c46800499e31e41c4e" score = 75 quality = 70 @@ -61582,8 +61897,8 @@ rule CAPE_Bumblebee : FILE date = "2023-02-08" modified = "2023-02-08" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/BumbleBee.yar#L34-L46" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/BumbleBee.yar#L34-L46" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0a632a0b30b28d544880eb1cfdd85e95f455c343d60f8d6922d4196ef7415961" score = 75 quality = 70 
@@ -61607,8 +61922,8 @@ rule CAPE_Zloader : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Zloader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Zloader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "319adca805083c7f5854fe840447cf961addbd748f1f25eb8ec8cdeed7af38aa" score = 75 quality = 70 @@ -61631,8 +61946,8 @@ rule CAPE_Zloader_2024 : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Zloader.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Zloader.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "38d555ef5f613cf7ca043697c479100a7a22e7f043acf8b6a46f8009eb92fd7e" score = 75 quality = 70 
@@ -61656,8 +61971,8 @@ rule CAPE_Buerloader : FILE date = "2021-03-13" modified = "2021-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/BuerLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/BuerLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6f9f9b4c01251c0643c61701084cca2bdfeea08ca95f982355565cf05483d940" score = 75 quality = 70 @@ -61679,8 +61994,8 @@ rule CAPE_Heavenssyscall : FILE date = "2024-03-25" modified = "2024-03-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "aeb981fcba0936ff8b1be4c601445fd45e5d3b74856a9439d351edd57f5a50c3" score = 75 quality = 70 
@@ -61704,8 +62019,8 @@ rule CAPE_Gettickcountantivm date = "2022-02-25" modified = "2022-02-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "662bc7839ed7ddd82d5fdafa29fafd9a9ec299c28820fe4104fbba9be1a09c42" hash = "00f1537b13933762e1146e41f3bac668123fac7eacd0aa1f7be0aa37a91ef3ce" hash = "549bca48d0bac94b6a1e6eb36647cd007fed5c0e75a0e4aa315ceabdafe46541" @@ -61736,8 +62051,8 @@ rule CAPE_Doomedloader : FILE date = "2024-07-25" modified = "2024-07-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/DoomedLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/DoomedLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77" score = 75 quality = 70 
@@ -61761,8 +62076,8 @@ rule CAPE_Emotetpacker : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "5a95d1d87ce69881b58a0e3aafc1929861e2633cdd960021d7b23e2a36409e0d" logic_hash = "5f27d9d18884f7e0805f69960869b332c1577bf8be8ac103285e8bf98cda0ffd" score = 75 @@ -61786,8 +62101,8 @@ rule CAPE_Smokeloader : FILE date = "2023-02-06" modified = "2023-02-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "4b15162f4b754cdd6a9124f29f0fd979085734063a0b17f2a97a9750f29e2e0b" score = 75 quality = 70 
@@ -61809,8 +62124,8 @@ rule CAPE_Slowloader date = "2024-09-23" modified = "2024-09-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/SlowLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/SlowLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "f07528c646ebd980a5e843caa4a4715e31b22c3cd091576600e9fe45d7fc2fe4" score = 75 quality = 70 @@ -61833,8 +62148,8 @@ rule CAPE_Anticuckoo : FILE date = "2023-03-17" modified = "2023-03-17" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "ad5e52f144bb4a1dae3090978c6ecb4c7732538c9b62a6cedd32eccee6094be5" logic_hash = "a039aeca2dae44980e8bffafacfda90975e107001be50f11ac916b35ad43592e" score = 75 
@@ -61854,11 +62169,11 @@ rule CAPE_Rhadamanthys description = "No description has been set in the source file - CAPE" author = "kevoreilly" id = "d9d387e1-76b3-55f6-a40f-a8c9cb9e9bea" - date = "2023-04-18" - modified = "2023-04-18" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "3c8fbfe14f81e099fc900023d9c856e3f45b99af38889ed952b2ac67a636f51d" score = 75 quality = 70 @@ -61874,6 +62189,29 @@ rule CAPE_Rhadamanthys condition: 2 of them } +rule CAPE_Rhadaanti +{ + meta: + description = "No description has been set in the source file - CAPE" + author = "kevoreilly" + id = "25c31ccc-63e7-56f0-a62f-e64d992c34b5" + date = "2025-11-03" + modified = "2025-11-03" + reference = "https://github.com/kevoreilly/CAPEv2" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Rhadamanthys.yar#L15-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" + logic_hash = "b54fd25e3297d358f2a8ec3a868bb4d233ee32d6942f21a53c3d25d35164530b" + score = 75 + quality = 70 + tags = "" + cape_options = "bp0=$anti,action0=jmp,count=0,ntdll-protect=0,dump-limit=0" + + strings: + $anti = {74 0E FF 75 ?? 8D 45 ?? 50 E8 [4] 59 59 8D 45 ?? 50 56 68 04 01 00 00} + + condition: + all of them +} rule CAPE_Pikahook : FILE { meta: 
@@ -61883,8 +62221,8 @@ rule CAPE_Pikahook : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Pikabot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Pikabot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "2a50a5f2d905122a5b7ac8ca3666b47caa24d325e246841129e53807daf2a1dd" score = 75 quality = 70 @@ -61909,8 +62247,8 @@ rule CAPE_Pikexport : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Pikabot.yar#L16-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Pikabot.yar#L16-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "238dcc5611ed9066b63d2d0109c9b623f54f8d7b61d5f9de59694cfc60a4e646" logic_hash = "33f58703a0e40c2361343dbdcc17111aafbf5cc912393edda79005c6ec566f42" score = 75 
@@ -61934,8 +62272,8 @@ rule CAPE_Risepro : FILE date = "2023-12-16" modified = "2023-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/RisePro.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/RisePro.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "1b69a1dd5961241b926605f0a015fa17149c3b2759fb077a30a22d4ddcc273f6" logic_hash = "055ca8328923b91f93c116e4a856366356fa11155f4e9fde95da31129b51386a" score = 75 @@ -61960,8 +62298,8 @@ rule CAPE_Lumma : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Lumma.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Lumma.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "a8f9212b619796f91f14c4164e4d2f30c66b51118f22f3d6c310841b6707b7b0" score = 75 quality = 70 
@@ -61986,8 +62324,8 @@ rule CAPE_Lummaremap date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Lumma.yar#L16-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Lumma.yar#L16-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "51093379fbd041f75bdfe161bc9dfcc7d782c23ce16d625ca558bb58d8d57713" score = 75 quality = 70 @@ -62010,8 +62348,8 @@ rule CAPE_Rdtscpantivm date = "2021-12-11" modified = "2021-12-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "be0f9b52fb630730a38160f4ad2d50b6b4bea5edd82e3ea4d1e257cf7b090910" score = 75 quality = 70 
@@ -62033,8 +62371,8 @@ rule CAPE_Privateloader date = "2024-10-04" modified = "2024-10-04" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "204a86bb3743f19fed0fe55ff5ccd716661f7f315b5966a29e434ccb3e160526" score = 75 quality = 70 @@ -62057,8 +62395,8 @@ rule CAPE_Singlestepantihook date = "2021-08-26" modified = "2021-08-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "fc9f36b0ecc13192fe8b6caaff256ac52c1f14480223d629a38ba84e90dd0809" score = 75 quality = 70 
@@ -62080,8 +62418,8 @@ rule CAPE_Darkgateloader date = "2025-04-07" modified = "2025-04-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "00692123615d2f7eaf8aea07754fc9439cf58e1fb8eb4f44f0428b362f27e794" score = 75 quality = 70 @@ -62107,8 +62445,8 @@ rule CAPE_Guloaderprecursor : FILE date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Guloader.yar#L17-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Guloader.yar#L17-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ea05c352739366a03da302074b01537382ba26f7fd5049004f156e47d284f070" score = 75 quality = 70 
@@ -62131,8 +62469,8 @@ rule CAPE_Mysterysnail date = "2021-10-16" modified = "2021-10-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "9402dbbbfdd286e2309ee83fc08194f70f73657a3a4e3785dfbcb564dbee86a8" score = 75 quality = 70 @@ -62154,8 +62492,8 @@ rule CAPE_Blister : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "aba379b93c85241cf250829832b2c8a5eaafb3abd0ff955dbaf0d06489c00deb" score = 75 quality = 70 
@@ -62183,8 +62521,8 @@ rule CAPE_Darkgate date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/DarkGate.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/DarkGate.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "c1d35921f4fc3bac681a3d5148f517dc0ec90ab8c51e267c8c6cd5b1ca3dc085" logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191" score = 75 @@ -62212,8 +62550,8 @@ rule CAPE_Aurastealerbypass date = "2025-09-02" modified = "2025-09-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/AuraStealer.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/AuraStealer.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ae174c96c262b1734c58bd6c5f7112221b08596c180612e4970acada35dbd070" score = 75 quality = 70 
@@ -62238,8 +62576,8 @@ rule CAPE_Loadersyscall date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "3c7ffd8b95032cffecff7fa7e5f5f561cce13e1109f6a9b30bc743642b495e45" score = 75 quality = 70 @@ -62263,8 +62601,8 @@ rule CAPE_Nitrogenloaderaes date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "de8ed0e98948cfadfd579e334fd9ce9f777ddbd988de897529ba71cb5eb2d396" score = 75 quality = 70 
@@ -62288,8 +62626,8 @@ rule CAPE_Nitrogenloaderbypass date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "3a034d3ddd18723ea1f91814c8c2a2c47a749dfd1496a5d4777d8ff8bfab3457" score = 75 quality = 70 @@ -62313,8 +62651,8 @@ rule CAPE_Nitrogenloaderconfig date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L66" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L66" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "06d49ebf3f67476c83a77734dff0245a51027a35d92e5af07bb9146db5b156ca" score = 75 quality = 70 
@@ -62349,8 +62687,8 @@ rule CAPE_Agentteslav4Jit date = "2024-02-27" modified = "2024-02-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/AgentTesla.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/AgentTesla.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc" score = 75 quality = 70 @@ -62375,8 +62713,8 @@ rule CAPE_Agentteslav3Jit date = "2024-02-27" modified = "2024-02-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "62a49cf4295df637f96ba7c127cfc4aeb9af2fcced497fdf34d726a062edc1ec" score = 75 quality = 70 
@@ -62398,8 +62736,8 @@ rule CAPE_Icedidsyscallwritemem : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6b068106b038e9efeb9057cadf314d400c1ada1a1cc70336d3272da3a212c993" score = 75 quality = 70 @@ -62423,8 +62761,8 @@ rule CAPE_Icedidhook date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L15-L25" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L15-L25" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "fd62e0ed6f2a18472fa9336daee0e8a3a55e21779a8385394e85f96da928e24f" score = 75 quality = 70 
@@ -62446,8 +62784,8 @@ rule CAPE_Icedidpackera : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L27-L40" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L27-L40" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe" logic_hash = "aa0681e7794546355e6d61f739c49035a493cdfca7e666531d74e3835ec44408" score = 75 @@ -62472,8 +62810,8 @@ rule CAPE_Icedidpackerb : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L42-L56" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L42-L56" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "6517ef2c579002ec62ddeb01a3175917c75d79ceca355c415a4462922c715cb6" logic_hash = "fde1e2c0124d180b2fa3d0675b35e8d78fdd7b06cd27e9228c148aa29ce30ee7" score = 75 
@@ -62498,8 +62836,8 @@ rule CAPE_Icedidpackerc : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L58-L71" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L58-L71" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "c06805b6efd482c1a671ec60c1469e47772c8937ec0496f74e987276fa9020a5" hash = "265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844" logic_hash = "f1e75e380ab0947fdfda012b7a5077a1c2ef51163239846ab2dc29cac95ba166" @@ -62524,8 +62862,8 @@ rule CAPE_Icedidpackerd : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L73-L86" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L73-L86" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "7b226f8cc05fa7d846c52eb0ec386ab37f9bae04372372509daa6bacc9f885d8" logic_hash = "6685e0246f5a11ce0ca33447837de06506b447a5f8591423e2b76f2ab0274dc7" score = 75 
@@ -62550,8 +62888,8 @@ rule CAPE_Icedsleep : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/IcedID.yar#L88-L99" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/IcedID.yar#L88-L99" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0b1a8be95b1b8a3b066837f9e47561ee8202d741b39d64e626c0461c2fbf7c70" score = 75 quality = 70 @@ -62574,8 +62912,8 @@ rule CAPE_Stealcanti : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "4132e8094b0b49a89e9f40a8b1a6abbf105bbb04e4ddf3ce739e39fc2baf0d13" score = 75 
@@ -62599,8 +62937,8 @@ rule CAPE_Stealcstrings : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Stealc.yar#L15-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Stealc.yar#L15-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6d402446a979c00b6257ace9924db381d98c530b22968bd2776c66d58c7faefc" score = 75 quality = 70 @@ -62623,8 +62961,8 @@ rule CAPE_Stealcv2Strings : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Stealc.yar#L28-L43" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Stealc.yar#L28-L43" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "923f70edb3ad70957576994008729bf7a087479eed1973c42161aa96fa694baa" score = 75 quality = 70 
@@ -62651,8 +62989,8 @@ rule CAPE_Stealcv2Datecheck : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Stealc.yar#L45-L56" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Stealc.yar#L45-L56" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "f074aceb7c111156752891acac8690c00dad7c26240fb0752cc12a9a65aa3d30" score = 75 quality = 70 @@ -62675,8 +63013,8 @@ rule CAPE_Latrodectus : FILE date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05" logic_hash = "c2c9f23e287253d766425c05eb774f6e07bdcbabc259e04b723a1a87c8b91fbd" score = 75 
@@ -62699,8 +63037,8 @@ rule CAPE_Dridexloader : FILE date = "2021-03-09" modified = "2021-03-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/DridexLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/DridexLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "00a3e4e80a2558ee52035f091e2339fa2dad6f6515b9dc099f2f3800e4c70bce" score = 75 quality = 70 @@ -62722,8 +63060,8 @@ rule CAPE_Bruteratelsyscall date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5ed054b3cd5d2659c250945d55d6adac90945963c34ad2af0f8d7436141e86b6" score = 75 quality = 70 
@@ -62746,8 +63084,8 @@ rule CAPE_Bruteratelpacker date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "2ccb17efe378d034df34d20d7580c58171d0fd11c18fef6c9a23f1ba238514e6" score = 75 quality = 70 @@ -62771,8 +63109,8 @@ rule CAPE_Bruterateldate date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "88589b2d08aea03565668ff1b9af20b6fe11cda50d867c60db7cb4d1826b0fd7" score = 75 quality = 70 
@@ -62795,8 +63133,8 @@ rule CAPE_Bruteratelconfig date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "b1815aafec940ab6c8daafc68ccf294845221ada260de5209dcb7e49ccd061c7" score = 75 quality = 70 @@ -62818,8 +63156,8 @@ rule CAPE_Themida : FILE date = "2024-09-11" modified = "2024-09-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Themida.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Themida.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "c4f1e01a3fe3cb66062ce03253bfe9edc09dc6f1a77db99b281106e8ceff9257" score = 75 quality = 70 
@@ -62842,8 +63180,8 @@ rule CAPE_Amatera : FILE date = "2025-06-25" modified = "2025-06-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Amatera.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Amatera.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "35eb93548a0c037d392f870c05e0e9fb1aeff3a5a505e1d4a087f7465ed1f6af" logic_hash = "1c02f04846568b85acbd4101b2e944dc824179f7cff1bceaec1c657939b610d5" score = 75 @@ -62868,8 +63206,8 @@ rule CAPE_Cargobayloader : FILE date = "2023-02-20" modified = "2023-02-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/CargoBayLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/CargoBayLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c" logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9" score = 75 
@@ -62893,8 +63231,8 @@ rule CAPE_Socks5Systemz : FILE date = "2025-05-23" modified = "2025-05-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/Socks5Systemz.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/Socks5Systemz.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "7e324bacd1ea57585435b6a5a4c93bda63ca146c100f2361a1c5530b87668299" score = 75 quality = 70 @@ -62924,8 +63262,8 @@ rule CAPE_Ursnifv3 date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "d679546e37ee58087fce75920b2ce4e6d2b9ae55fb1ef80d14ec14309396757c" score = 75 quality = 70 
@@ -62952,8 +63290,8 @@ rule CAPE_Qakbot5 : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/QakBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/QakBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "303ea2d8d1a7f0fd0ca5508dae2c1b83c03b1e3e975760f15d36d93bcc152767" score = 75 quality = 70 @@ -62977,8 +63315,8 @@ rule CAPE_Qakbot4 : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/QakBot.yar#L15-L29" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/QakBot.yar#L15-L29" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ad75b07b9b786f634fd46cbe6dc089d3f732673320e70714e8ab058f0392c9f5" score = 75 quality = 70 
@@ -63004,8 +63342,8 @@ rule CAPE_Qakbotloader : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/QakBot.yar#L31-L46" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/QakBot.yar#L31-L46" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a" logic_hash = "00869c0a9bf62cde3f46ca915b0ef689557b09dc58d6de34609e3998abfa7e98" score = 75 @@ -63032,8 +63370,8 @@ rule CAPE_Qakbotantivm date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/analyzer/windows/data/yara/QakBot.yar#L48-L59" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/analyzer/windows/data/yara/QakBot.yar#L48-L59" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "e269497ce458b21c8427b3f6f6594a25d583490930af2d3395cb013b20d08ff7" logic_hash = "20f1cd28f38945a3aa328e77e78525fb1ffc47ecf54d5a40c2f18264c3973989" score = 75 
@@ -63056,8 +63394,8 @@ rule CAPE_Formbook date = "2023-10-13" modified = "2023-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Formbook.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Formbook.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e" score = 75 quality = 70 @@ -63086,8 +63424,8 @@ rule CAPE_Wanacry : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/WanaCry.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/WanaCry.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944" score = 75 quality = 70 
@@ -63113,8 +63451,8 @@ rule CAPE_Zeuspanda : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/ZeusPanda.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/ZeusPanda.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761" score = 75 quality = 70 @@ -63137,8 +63475,8 @@ rule CAPE_Oyster date = "2024-05-30" modified = "2024-05-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Oyster.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Oyster.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650" logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540" score = 75 
@@ -63159,6 +63497,35 @@ rule CAPE_Oyster condition: 4 of them } +rule CAPE_Nitrobunnydownloader : FILE +{ + meta: + description = "NitroBunnyDownloader" + author = "enzok" + id = "dd984fb4-a822-560e-9688-3847574c8df8" + date = "2025-10-28" + modified = "2025-10-28" + reference = "https://github.com/kevoreilly/CAPEv2" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/NitroBunnyDownloader.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" + hash = "960e59200ec0a4b5fb3b44e6da763f5fec4092997975140797d4eec491de411b" + logic_hash = "ccac428aef5382a3f82c986034549c459bbd666cedff49409b9ff4fef8e37744" + score = 75 + quality = 70 + tags = "FILE" + cape_type = "NitroBunnyDownloader Payload" + + strings: + $config = {E8 [3] 00 41 B8 ?? ?? 00 00 48 8D 15 [3] 00 48 89 C1 48 89 ?? E8 [3] 00} + $string1 = "X-Amz-User-Agent:" wide + $string2 = "Amz-Security-Flag:" wide + $string3 = "/cart" wide + $string4 = "Cookie: " wide + $string5 = "wishlist" wide + + condition: + uint16( 0 ) == 0x5A4D and $config and 2 of ( $string* ) +} rule CAPE_Kronos : FILE { meta: @@ -63168,8 +63535,8 @@ rule CAPE_Kronos : FILE date = "2020-07-02" modified = "2020-07-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Kronos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Kronos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3" score = 75 quality = 70 
@@ -63194,8 +63561,8 @@ rule CAPE_Pikabotloader : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/PikaBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/PikaBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231" score = 75 quality = 70 @@ -63219,8 +63586,8 @@ rule CAPE_Pikabot : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/PikaBot.yar#L15-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/PikaBot.yar#L15-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7" score = 75 quality = 70 
@@ -63245,8 +63612,8 @@ rule CAPE_Pik23 : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/PikaBot.yar#L30-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/PikaBot.yar#L30-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc" score = 75 @@ -63272,8 +63639,8 @@ rule CAPE_Jaff : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Jaff.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Jaff.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418" score = 75 quality = 70 
@@ -63298,8 +63665,8 @@ rule CAPE_Bumblebeeshellcode_1 date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BumbleBee.yar#L18-L33" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BumbleBee.yar#L18-L33" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "d56f8c4e491d0d1b34e396e73750bef9917ca4f708fb6a2681de772a65c13a40" score = 75 quality = 70 @@ -63326,8 +63693,8 @@ rule CAPE_Bumblebee2024 date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BumbleBee.yar#L52-L68" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BumbleBee.yar#L52-L68" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "db58272c1ba74bc6e6a90bdacf7e8feec94be5da2b5123e0475ce86448f3edb2" score = 75 quality = 70 
@@ -63355,8 +63722,8 @@ rule CAPE_Zloader_1 : FILE date = "2025-04-07" modified = "2025-04-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Zloader.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Zloader.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa" logic_hash = "525670973b67aac048199529c97d6be00b0a8cca9bc90deb647366d92a5ea540" score = 75 @@ -63386,8 +63753,8 @@ rule CAPE_Netsupport : FILE date = "2025-10-17" modified = "2025-10-17" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/NetSupport.yar#L3-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/NetSupport.yar#L3-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "d12e46d74ae0ba9f599d27dc2f55ff92a6648accbcd1a43cc3f1a9a2755e5fc7" score = 75 quality = 70 
@@ -63412,8 +63779,8 @@ rule CAPE_Asyncrat_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L1-L30" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L1-L30" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "1400d2029dfb66d8f2dc34db8643d6301f3af9bd356639f883d2c10bcc0c3947" score = 75 quality = 33 @@ -63451,8 +63818,8 @@ rule CAPE_Stormkitty : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L32-L57" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L32-L57" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "258f5d9da80ff912459194b1139f062491df21a44456942951e2bd98e4b86c9b" score = 75 quality = 66 
@@ -63487,11 +63854,11 @@ rule CAPE_Worldwind : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L60-L82" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L60-L82" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "9bb04fad460193cd877ea7f2de9337f69aadda01aee6c79f0a23cdf564b1e6c8" score = 75 - quality = 45 + quality = 70 tags = "FILE" cape_type = "WorldWind Payload" @@ -63523,11 +63890,11 @@ rule CAPE_Prynt : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L85-L107" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L85-L107" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "84f2b33285ab1d129a62940a02990639cc8f7c92d490d7257e6aed9170d1e34e" score = 75 - quality = 45 + quality = 70 tags = "FILE" cape_type = "Prynt Payload" 
@@ -63559,11 +63926,11 @@ rule CAPE_Xworm_1 : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L110-L136" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L110-L136" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7" score = 75 - quality = 43 + quality = 68 tags = "FILE" cape_type = "XWorm Payload" @@ -63599,8 +63966,8 @@ rule CAPE_Xworm_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L138-L155" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L138-L155" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "3914be652bb7271e5e6b89d05edf10a54f8ddaf9e22d194b60501aa2cdd495d3" score = 75 quality = 66 
@@ -63631,11 +63998,11 @@ rule CAPE_Dcrat : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L157-L222" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L157-L222" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8" score = 75 - quality = 20 + quality = 45 tags = "FILE" cape_type = "DCRat Payload" @@ -63705,8 +64072,8 @@ rule CAPE_Dcrat_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L224-L243" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L224-L243" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "73ac27c3f0fc71d053e89690b5a7d29c1f8b0ea0a22e8595148a9001799fae54" score = 75 quality = 62 
@@ -63738,8 +64105,8 @@ rule CAPE_Quasarrat : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L245-L266" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L245-L266" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b" score = 75 quality = 70 @@ -63773,8 +64140,8 @@ rule CAPE_Quasarrat_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AsyncRAT.yar#L268-L287" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AsyncRAT.yar#L268-L287" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "1f4296a592134edbe52e256dc353143af02e897ff1afad98f3dac0c5ab13f3f7" score = 75 quality = 70 
@@ -63806,8 +64173,8 @@ rule CAPE_Buerloader_1 : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BuerLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BuerLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29" score = 75 quality = 70 @@ -63831,8 +64198,8 @@ rule CAPE_Scarab : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Scarab.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Scarab.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6" score = 75 quality = 70 
@@ -63856,8 +64223,8 @@ rule CAPE_Arkei : FILE date = "2025-01-10" modified = "2025-01-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Arkei.yar#L1-L50" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Arkei.yar#L1-L50" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "296e420880d8d2f24424d0411e7ef4939e18147689557512f410da48498a44c9" score = 75 quality = 70 @@ -63913,8 +64280,8 @@ rule CAPE_Cerber : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Cerber.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Cerber.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3" score = 75 quality = 70 
@@ -63936,8 +64303,8 @@ rule CAPE_Squirrelwaffle : FILE date = "2021-10-13" modified = "2021-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500" score = 75 quality = 70 @@ -63960,8 +64327,8 @@ rule CAPE_Seduploader : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Seduploader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Seduploader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516" score = 75 quality = 70 
@@ -63983,8 +64350,8 @@ rule CAPE_Dridexv4 : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/DridexV4.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/DridexV4.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6" score = 75 quality = 70 @@ -64010,8 +64377,8 @@ rule CAPE_Smokeloader_1 date = "2024-11-12" modified = "2024-11-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/SmokeLoader.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/SmokeLoader.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "779e2ac213e5ced7bc06e6208826b65cf8fc3113a69ede6408b84055542fa76d" score = 75 quality = 70 
@@ -64036,8 +64403,8 @@ rule CAPE_Rozena date = "2024-03-15" modified = "2024-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Rozena.yar#L1-L10" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Rozena.yar#L1-L10" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135" score = 75 quality = 70 @@ -64060,8 +64427,8 @@ rule CAPE_Varenyky : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Varenyky.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Varenyky.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9" score = 75 quality = 70 
@@ -64083,8 +64450,8 @@ rule CAPE_Vipkeylogger : FILE date = "2025-09-11" modified = "2025-09-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/VIPKeyLogger.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/VIPKeyLogger.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "b9dba7562bba4807c0789692d44650996e62c8d0c4031dedd65773877621b1de" score = 75 quality = 70 @@ -64109,8 +64476,8 @@ rule CAPE_Vidar : FILE date = "2023-04-21" modified = "2023-04-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Vidar.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Vidar.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d" score = 75 quality = 70 
@@ -64143,8 +64510,8 @@ rule CAPE_Azer : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Azer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Azer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5" score = 75 quality = 70 @@ -64168,8 +64535,8 @@ rule CAPE_Eternalromance : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/EternalRomance.yar#L1-L33" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/EternalRomance.yar#L1-L33" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d" score = 75 quality = 68 
@@ -64214,8 +64581,8 @@ rule CAPE_Nighthawk date = "2022-12-05" modified = "2022-12-05" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Nighthawk.yar#L3-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Nighthawk.yar#L3-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2" score = 75 quality = 70 
@@ -64231,30 +64598,59 @@ rule CAPE_Nighthawk pe.is_pe and for any s in pe.sections : ( s.name == ".profile" ) and all of them } rule CAPE_Rhadamanthys_1 +{ + meta: + description = "Rhadamanthys Payload" + author = "kevoreilly, YungBinary" + id = "904e5f99-d91d-5bad-99ce-2d53dce59635" + date = "2025-11-03" + modified = "2025-11-03" + reference = "https://github.com/kevoreilly/CAPEv2" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Rhadamanthys.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" + logic_hash = "dc82a6f919fb748042b0164fb24e418e04a2ecc6a9e39defa3c70c53b1819609" + score = 75 + quality = 70 + tags = "" + cape_type = "Rhadamanthys Payload" + + strings: + $rc4 = {88 4C 01 08 41 81 F9 00 01 00 00 7C F3 89 75 08 33 FF 8B 4D 08 3B 4D 10 72 04 83 65 08 00} + $code = {8B 4D FC 3B CF 8B C1 74 0D 83 78 04 02 74 1C 8B 40 1C 3B C7 75 F3 3B CF 8B C1 74 57 83 78 04 17 74 09 8B 40 1C 3B C7 75 F3 EB} + $conf_1 = {46 BB FF 00 00 00 23 F3 0F B6 44 31 08 03 F8 23 FB 0F B6 5C 39 08 88 5C 31 08 88 44 39 08 02 C3 8B 5D 08 0F B6 C0 8A 44 08 08} + $conf_2 = {0F B6 4F 2A 8D 77 2A 33 C0 6A 03 89 45 F8 89 45 FC 89 45 08 8B C1} + $beef = {57 8D 44 33 FC 53 83 C6 FC 50 56 E8 [4] 83 C4 10 66 81 3F EF BE 0F 85} + $anti = {50 68 [4] 68 [4] E8 [4] 83 C4 0C A3 [4] 85 C0 74} + $dnr = {99 52 50 8D 45 ?? 
99 52 50 8B C7 99 52 50 8B C3 99 52 50} + $sys = {83 E4 F0 6A 33 E8 00 00 00 00 83 04 24 05 CB} + + condition: + 2 of them +} +rule CAPE_Rhadamanthysloader { meta: description = "Rhadamanthys Loader" author = "kevoreilly" - id = "4683ef43-7397-5546-ae54-b4c000518182" - date = "2023-09-18" - modified = "2023-09-18" + id = "0d9955e8-c6e5-50f0-8006-8f6157038d40" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Rhadamanthys.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" - logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Rhadamanthys.yar#L20-L32" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" + logic_hash = "5505c9ba1f0c6cb9aa9c212bf8bc2c49ad544e99996a1f4c1fa79a27a14d4c7f" score = 75 quality = 70 tags = "" cape_type = "Rhadamanthys Loader" strings: - $rc4 = {88 4C 01 08 41 81 F9 00 01 00 00 7C F3 89 75 08 33 FF 8B 4D 08 3B 4D 10 72 04 83 65 08 00} - $code = {8B 4D FC 3B CF 8B C1 74 0D 83 78 04 02 74 1C 8B 40 1C 3B C7 75 F3 3B CF 8B C1 74 57 83 78 04 17 74 09 8B 40 1C 3B C7 75 F3 EB} - $conf = {46 BB FF 00 00 00 23 F3 0F B6 44 31 08 03 F8 23 FB 0F B6 5C 39 08 88 5C 31 08 88 44 39 08 02 C3 8B 5D 08 0F B6 C0 8A 44 08 08} - $cape_string = "cape_options" + $ref = {33 D2 B9 0B 00 00 00 F7 F1 B8 01 00 00 00 6B C8 00 8D 84 0D [4] 0F BE 0C 10 8B 95 [4] 03 95 [4] 0F B6 02 33 C1 8B 8D [4] 03 8D [4] 88 01} + $ntdll = {B9 6E 00 00 00 66 89 8D [4] BA 74 00 00 00 66 89 95 [4] B8 64 00 00 00 66 89 85 [4] B9 6C 00 00 00 66 89 8D [4] BA 6C 00 00 00 66 89 95} + $exit = {6A 00 6A 00 6A 00 6A 00 6A 00 6A 00 8B 95 [4] 52 8B 85 [4] 50 6A 00 68 FF FF 1F 00} 
condition: - 2 of them and not $cape_string + 2 of them } rule CAPE_Megacortex : FILE { @@ -64265,8 +64661,8 @@ rule CAPE_Megacortex : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/MegaCortex.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/MegaCortex.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6" score = 75 quality = 70 @@ -64290,8 +64686,8 @@ rule CAPE_Lumma_1 : FILE date = "2025-07-08" modified = "2025-07-08" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Lumma.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Lumma.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ca7822292c58af68e7a1610362bf0b5d27c93e3222ceec8d216e05a442008f37" score = 75 quality = 70 
@@ -64318,8 +64714,8 @@ rule CAPE_Bitpaymer : FILE date = "2019-11-27" modified = "2019-11-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BitPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BitPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c" score = 75 quality = 70 @@ -64342,8 +64738,8 @@ rule CAPE_Petya : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Petya.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Petya.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014" score = 75 quality = 70 
@@ -64367,8 +64763,8 @@ rule CAPE_Dreambot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Dreambot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Dreambot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b" score = 75 quality = 70 @@ -64393,8 +64789,8 @@ rule CAPE_Lockbit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Lockbit.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Lockbit.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9" score = 75 quality = 70 
@@ -64420,8 +64816,8 @@ rule CAPE_Doppelpaymer : FILE date = "2022-06-27" modified = "2022-06-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/DoppelPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/DoppelPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d" score = 75 quality = 70 @@ -64444,8 +64840,8 @@ rule CAPE_Trickbot date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/TrickBot.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/TrickBot.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea" score = 75 quality = 70 
@@ -64476,8 +64872,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/TrickBot.yar#L22-L38" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/TrickBot.yar#L22-L38" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "491115422a6b94dc952982e6914adc39" logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2" score = 75 @@ -64505,8 +64901,8 @@ rule CAPE_Gootkit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Gootkit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Gootkit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7" score = 75 quality = 70 
@@ -64528,8 +64924,8 @@ rule CAPE_Nanolocker : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/NanoLocker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/NanoLocker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db" score = 75 quality = 70 @@ -64553,8 +64949,8 @@ rule CAPE_Ryuk : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Ryuk.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Ryuk.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c" score = 75 quality = 70 
@@ -64579,8 +64975,8 @@ rule CAPE_Badrabbit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BadRabbit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BadRabbit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c" score = 75 quality = 70 @@ -64604,8 +65000,8 @@ rule CAPE_Conti : FILE date = "2021-03-15" modified = "2021-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Conti.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Conti.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848" score = 75 quality = 70 
@@ -64629,8 +65025,8 @@ rule CAPE_Codoso : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Codoso.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Codoso.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8" score = 75 quality = 70 @@ -64654,8 +65050,8 @@ rule CAPE_Cryptoshield : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Cryptoshield.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Cryptoshield.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6" score = 75 quality = 70 
@@ -64679,8 +65075,8 @@ rule CAPE_Blackdropper date = "2024-10-22" modified = "2024-10-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BlackDropper.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BlackDropper.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "f8026ae3237bdd885e5fcaceb86bcab4087d8857e50ba472ca79ce44c12bc257" logic_hash = "c7f7bc740d413b479ebe45611ddfc04f7e4f2978516b2882069b2569c7acdf28" score = 75 @@ -64708,8 +65104,8 @@ rule CAPE_Remcos : FILE date = "2022-05-10" modified = "2022-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Remcos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Remcos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710" score = 75 quality = 68 
@@ -64734,8 +65130,8 @@ rule CAPE_Rcsession date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/RCSession.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/RCSession.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d" score = 75 quality = 70 @@ -64758,8 +65154,8 @@ rule CAPE_Winosstager : FILE date = "2025-10-24" modified = "2025-10-24" reference = "https://www.esentire.com/blog/winos4-0-online-module-staging-component-used-in-cleversoar-campaign" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/WinosStager.yar#L1-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/WinosStager.yar#L1-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "180f0eb0d73fb499c7934ca7419f04937dad17f5f7c44293543f1722280ba6d3" score = 75 quality = 70 
@@ -64810,8 +65206,8 @@ rule CAPE_Blister_1 : FILE date = "2023-09-20" modified = "2023-09-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2" hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c" logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d" @@ -64839,8 +65235,8 @@ rule CAPE_Aurastealer date = "2025-09-02" modified = "2025-09-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AuraStealer.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AuraStealer.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "960b83639a898509dc272f3235822401a8f861fa6607991993285b618b882d8b" score = 75 quality = 70 
@@ -64869,8 +65265,8 @@ rule CAPE_Aurorastealer : FILE date = "2022-12-14" modified = "2023-03-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AuroraStealer.yar#L1-L74" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AuroraStealer.yar#L1-L74" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5" score = 75 quality = 45 @@ -64949,8 +65345,8 @@ rule CAPE_Kovter : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Kovter.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Kovter.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d" score = 75 quality = 70 
@@ -64975,8 +65371,8 @@ rule CAPE_Kpot : FILE date = "2020-10-19" modified = "2020-10-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Kpot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Kpot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f" score = 75 quality = 70 
@@ -64996,25 +65392,27 @@ rule CAPE_Adaptixbeacon meta: description = "AdaptixBeacon Payload" author = "enzok" - id = "f315f0ed-97a4-5783-a01a-ec643098f423" - date = "2025-06-16" - modified = "2025-06-16" + id = "ae0bc10c-cfcd-59d4-8c24-34a03debe370" + date = "2025-10-28" + modified = "2025-10-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AdaptixBeacon.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AdaptixBeacon.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "f78f5803be5704420cbb2e0ac3c57fcb3d9cdf443fbf1233c069760bee115b5d" - logic_hash = "a05b5fed6328229f8490731ef9884f5b8225f8628b81dc199ea5c11fa25b8d0c" + logic_hash = "2c1d09cd5e19e5a09dde65411691afd5922959d4a7b5232b28ebf56f26d2f07d" score = 75 quality = 70 tags = "" cape_type = "AdaptixBeacon Payload" strings: - $conf_1 = {8D ?? ?? E8 [3] 00 4? 89 [1-2] 4? 8B 4C 24 ?? E8 [3] 00 4? 8B 53 48 66 [0-1] 89 04} + $conf_1 = {8D ?? ?? E8 [3] 00 4? 89 [1-2] 4? 8B 4C 24 ?? E8 [3] 00 4? 8B 53 48 66 [0-1] 89 04 ?? E8} $conf_2 = {E8 [3] 00 48 8B 4C 24 ?? 48 89 43 78 E8 [3] 00 48 8B 4C 24 ?? 89 83 80 00 00 00 E8 [3] 00 03 83 80 00 00 00 48 8B 4C 24} $conf_3 = {E8 [3] 00 4? 8B 4C 24 ?? 4? 89 ?? 4? 89 43 58 E8 [3] 00 4? 8B 4C 24 ?? 4? 89 ?? 4? 89 43 60 E8 [3] 00 4? 8B 4C 24 ?? 4? 89 ?? 4? 89 43 68} - $wininet_1 = {B9 77 00 00 00 4? 89 50 28 E8 [4] B9 69 00 00 00 88 44 24 ?? E8 [4] B9 6E 00 00 00 88 44 24} - $wininet_2 = {B9 69 00 00 00 88 44 24 ?? E8 [4] B9 6E 00 00 00 88 44 24 ?? E8 [4] B9 65 00 00 00 88 44 24} + $conf_4 = {8D ?? ?? 4? 89 ?? FF ?? 4? 89 ?? 4? 89 ?? 4? 8B ?? FF ?? ?? 4? 8B ?? 48 66 ?? 89 ?? ?? EB} + $conf_5 = {48 89 ?? 4? 89 ?? 
FF ?? 4? 89 ?? 4? 89 D9 4? 89 ?? ?? 4? 8B 03 FF ?? ?? 4? 89 ?? 4? 89 ?? 4? 89 ?? ?? 4? 8B 03 FF ?? ?? 4? 89} + $wininet_1 = {B9 77 00 00 00 [0-4] E8 [4] B9 69 00 00 00 88 ?4 24 [0-4] E8 [4] B9 6E 00 00 00 88 ?4 24} + $wininet_2 = {B9 69 00 00 00 88 ?4 24 [0-4] E8 [4] B9 6E 00 00 00 88 ?4 24 [0-4] E8 [4] B9 65 00 00 00 88 ?4 24} condition: 1 of ( $conf_* ) and 1 of ( $wininet_* ) @@ -65028,8 +65426,8 @@ rule CAPE_Amadey : FILE date = "2025-08-15" modified = "2025-08-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Amadey.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Amadey.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4" logic_hash = "5a7405a174b63826500f3b04c6f10bc9b40d5b49e85377bef027204e75dd1e9e" score = 75 @@ -65055,8 +65453,8 @@ rule CAPE_Hancitor : FILE date = "2020-10-20" modified = "2020-10-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Hancitor.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Hancitor.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c" score = 75 quality = 70 
@@ -65081,8 +65479,8 @@ rule CAPE_Emotetloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/EmotetLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/EmotetLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773" score = 75 quality = 70 @@ -65104,8 +65502,8 @@ rule CAPE_Magniber : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Magniber.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Magniber.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618" score = 75 quality = 70 
@@ -65127,8 +65525,8 @@ rule CAPE_Nitrogenloader date = "2025-07-28" modified = "2025-07-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/NitrogenLoader.yar#L1-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/NitrogenLoader.yar#L1-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "4aab353aacc8f6910884e722f2d57439891680963accb906c2cee245437732c6" score = 75 quality = 68 @@ -65174,8 +65572,8 @@ rule CAPE_Agent_Tesla date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AgentTesla.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AgentTesla.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be" score = 75 quality = 70 
@@ -65201,8 +65599,8 @@ rule CAPE_Agenttesla : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AgentTesla.yar#L19-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AgentTesla.yar#L19-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188" score = 75 quality = 70 @@ -65234,8 +65632,8 @@ rule CAPE_Agentteslav2 : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AgentTesla.yar#L43-L67" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AgentTesla.yar#L43-L67" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78" score = 75 quality = 70 
@@ -65271,8 +65669,8 @@ rule CAPE_Agentteslav3 : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AgentTesla.yar#L69-L111" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AgentTesla.yar#L69-L111" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459" score = 75 quality = 68 @@ -65325,8 +65723,8 @@ rule CAPE_Agentteslav4 : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/AgentTesla.yar#L113-L126" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/AgentTesla.yar#L113-L126" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9" score = 75 quality = 70 
@@ -65351,8 +65749,8 @@ rule CAPE_Icedid date = "2021-12-16" modified = "2021-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/IcedID.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/IcedID.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331" score = 75 quality = 45 @@ -65381,8 +65779,8 @@ rule CAPE_Xenorat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/XenoRAT.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/XenoRAT.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "26f520fb69a52d05786fac0e9e38f5db9601da0a3e7768e00975a9684f3560ef" score = 75 quality = 66 
@@ -65409,8 +65807,8 @@ rule CAPE_Atlas : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Atlas.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Atlas.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e" score = 75 quality = 70 @@ -65434,8 +65832,8 @@ rule CAPE_Hermes : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Hermes.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Hermes.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b" score = 75 quality = 70 
@@ -65459,8 +65857,8 @@ rule CAPE_Mykings : FILE date = "2025-10-26" modified = "2025-10-26" reference = "https://x.com/YungBinary/status/1981108948498333900" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/MyKings.yar#L1-L23" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/MyKings.yar#L1-L23" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "82647dd23c0247faa045893ec1cf111da2a30528a1b737b59ce1b71172a64473" score = 75 quality = 70 @@ -65494,8 +65892,8 @@ rule CAPE_Stealc : FILE date = "2025-08-21" modified = "2025-08-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "a6165168b7c74761b91d1691465688c748227b830813067edb4e9bdc934271c4" score = 75 
@@ -65519,8 +65917,8 @@ rule CAPE_Stealcv2 : FILE date = "2025-08-21" modified = "2025-08-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Stealc.yar#L15-L32" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Stealc.yar#L15-L32" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "911c6a7f63e91a788898f3cc6e66396e39d5bd48f8fbaac49ee5dbbdaa64d5a0" score = 75 quality = 70 @@ -65549,8 +65947,8 @@ rule CAPE_Ursnif : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Ursnif.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Ursnif.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd" score = 75 quality = 70 
@@ -65579,8 +65977,8 @@ rule CAPE_Tclient : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/TClient.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/TClient.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d" score = 75 quality = 70 @@ -65602,8 +66000,8 @@ rule CAPE_Tscookie : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/TSCookie.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/TSCookie.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3" score = 75 quality = 70 
@@ -65627,8 +66025,8 @@ rule CAPE_Carbanak : FILE date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Carbanak.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Carbanak.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84" logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367" score = 75 @@ -65653,8 +66051,8 @@ rule CAPE_Latrodectus_1 date = "2025-05-10" modified = "2025-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Latrodectus.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Latrodectus.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811" logic_hash = "a8430299930f4c8de0a88c6836d4821871f7183cc5ff44ea9be84fbea47bbb13" score = 75 
@@ -65681,8 +66079,8 @@ rule CAPE_Latrodectus_AES date = "2025-05-10" modified = "2025-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Latrodectus.yar#L18-L34" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Latrodectus.yar#L18-L34" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8" logic_hash = "058d278c16527969066d1b4ea7f0e3ab2809d5480cdab06ec476b465e0c4795a" score = 75 @@ -65710,8 +66108,8 @@ rule CAPE_Nightshadec2 : FILE date = "2025-09-12" modified = "2025-09-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/NightshadeC2.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/NightshadeC2.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "963c012d56c62093d105ab5044517fdcce4ab826f7782b3e377932da1df6896d" logic_hash = "f9fabc391e21180a1c92abea0a5ded6d7669e8d8f2330b69d6c1227c9b4237a0" score = 75 
@@ -65741,8 +66139,8 @@ rule CAPE_Dridexloader_1 : FILE date = "2021-03-10" modified = "2021-03-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/DridexLoader.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/DridexLoader.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588" score = 75 quality = 70 @@ -65769,8 +66167,8 @@ rule CAPE_Petrwrap : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/PetrWrap.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/PetrWrap.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968" score = 75 quality = 70 
@@ -65795,8 +66193,8 @@ rule CAPE_Zerot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/ZeroT.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/ZeroT.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803" score = 75 quality = 68 @@ -65822,8 +66220,8 @@ rule CAPE_Bazar : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Bazar.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Bazar.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d" score = 75 quality = 70 
@@ -65846,8 +66244,8 @@ rule CAPE_Fareit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Fareit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Fareit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83" score = 75 quality = 70 @@ -65869,8 +66267,8 @@ rule CAPE_Mole : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Mole.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Mole.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786" score = 75 quality = 70 
@@ -65894,8 +66292,8 @@ rule CAPE_Chaosbot : FILE date = "2025-10-16" modified = "2025-10-16" reference = "https://x.com/YungBinary/status/1976580501508182269" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/ChaosBot.yar#L1-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/ChaosBot.yar#L1-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "fcb04697dbef62497421318d5dfe7cdf5533b432975ebbfb3bd64ebbfeb4a592" score = 75 quality = 62 @@ -65929,8 +66327,8 @@ rule CAPE_Nemty : FILE date = "2020-04-03" modified = "2020-04-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Nemty.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Nemty.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419" score = 75 quality = 70 
@@ -65954,8 +66352,8 @@ rule CAPE_Monsterv2 : FILE date = "2025-09-12" modified = "2025-09-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/MonsterV2.yar#L1-L21" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/MonsterV2.yar#L1-L21" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "d4e65f860e69b2eee8a818a4146d91b84ce6da30c8fa27593587932e4f0847a8" score = 75 quality = 70 @@ -65987,8 +66385,8 @@ rule CAPE_Lokibot : FILE date = "2022-02-01" modified = "2022-02-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/LokiBot.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/LokiBot.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06" score = 75 quality = 70 
@@ -66011,8 +66409,8 @@ rule CAPE_Bruteratel date = "2024-07-11" modified = "2024-07-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/BruteRatel.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/BruteRatel.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "0984977c716d6f8e068c045166eb5db77c9fbce27513e555dceca348375f1a66" score = 75 quality = 70 @@ -66037,8 +66435,8 @@ rule CAPE_Locky : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Locky.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Locky.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7" score = 75 quality = 70 
@@ -66062,8 +66460,8 @@ rule CAPE_Sedreco : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Sedreco.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Sedreco.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca" score = 75 quality = 70 @@ -66087,8 +66485,8 @@ rule CAPE_Darkcloud : FILE date = "2025-10-16" modified = "2025-10-16" reference = "https://x.com/YungBinary/status/1971585972912689643" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/DarkCloud.yar#L1-L39" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/DarkCloud.yar#L1-L39" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "e9a67fce4c1e4ffa7322c225522263aa4db94ae9f29113a81f5216fb4fa68b57" score = 75 quality = 68 
@@ -66132,8 +66530,8 @@ rule CAPE_Cobaltstrikestager date = "2023-01-18" modified = "2023-01-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5" score = 75 quality = 70 @@ -66158,8 +66556,8 @@ rule CAPE_Koiloader date = "2024-10-25" modified = "2024-10-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/KoiLoader.yar#L1-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/KoiLoader.yar#L1-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "b462e3235c7578450b2b56a8aff875a3d99d22f6970a01db3ba98f7ecb6b01a0" logic_hash = "264a536632f8f11c904b00c9d2e505b3263c733ad8fbc2ef19c25a5ad58cef90" score = 75 
@@ -66203,8 +66601,8 @@ rule CAPE_Obfuscar : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Obfuscar.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Obfuscar.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5" score = 75 quality = 70 @@ -66225,8 +66623,8 @@ rule CAPE_Ramnit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Ramnit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Ramnit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd" score = 75 quality = 70 
@@ -66250,8 +66648,8 @@ rule CAPE_Gandcrab : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Gandcrab.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Gandcrab.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c" score = 75 quality = 70 @@ -66276,8 +66674,8 @@ rule CAPE_Ursnifv3_1 : FILE date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/UrsnifV3.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/UrsnifV3.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8" score = 75 quality = 70 
@@ -66306,8 +66704,8 @@ rule CAPE_Qakbot5_1 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/QakBot.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/QakBot.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35" logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf" score = 75 @@ -66333,8 +66731,8 @@ rule CAPE_Qakbot4_1 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/QakBot.yar#L17-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/QakBot.yar#L17-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f" score = 75 quality = 70 
@@ -66364,8 +66762,8 @@ rule CAPE_Masslogger : FILE date = "2020-11-24" modified = "2020-11-24" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/MassLogger.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/MassLogger.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c" score = 75 quality = 70 @@ -66388,8 +66786,8 @@ rule CAPE_Azorult : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/Azorult.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/Azorult.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90" score = 75 quality = 70 
@@ -66412,8 +66810,8 @@ rule CAPE_Rokrat : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/data/yara/CAPE/RokRat.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/724bafc14f078ad7a6fb8e5233ef7b58c19a858e/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/data/yara/CAPE/RokRat.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/c75cb937573d6a4f91a4d8f620fda1575ed33f23/LICENSE" logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec" score = 75 quality = 70 @@ -66431,7 +66829,7 @@ rule CAPE_Rokrat : FILE * YARA Rule Set * Repository Name: BinaryAlert * Repository: https://github.com/airbnb/binaryalert/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b * Number of Rules: 80 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -68895,7 +69293,7 @@ rule BINARYALERT_Hacktool_Macos_Manwhoami_Icloudcontacts * YARA Rule Set * Repository Name: DeadBits * Repository: https://github.com/deadbits/yara-rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001 * Number of Rules: 19 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -69145,7 +69543,7 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE license_url = "N/A" logic_hash = "dc8cce2ae3a427f771b19b4d0e027b653ff03a7bf816303460398987535c5351" score = 75 - quality = 55 + quality = 80 tags = "WINMALWARE, INFOSTEALER, FILE" Description = "Attempts to detect KPOT version 2 payloads" Author = "Adam M. Swanda" 
@@ -69362,7 +69760,7 @@ rule DEADBITS_Crescentcore_DMG : INSTALLER MACOSMALWARE FILE license_url = "N/A" logic_hash = "819f01fdacea1e95f0f4d4f8e59ebae97ff9489a1be2c60e33253580a8f9e418" score = 75 - quality = 26 + quality = 51 tags = "INSTALLER, MACOSMALWARE, FILE" Author = "Adam M. Swanda" @@ -69395,7 +69793,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR description = "No description has been set in the source file - DeadBits" author = "Adam M. Swanda" id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0" - date = "2019-11-02" + date = "2019-11-04" modified = "2019-12-04" reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/" source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41" @@ -69442,7 +69840,7 @@ rule DEADBITS_Godlua_Linux : LINUXMALWARE FILE license_url = "N/A" logic_hash = "70a8078f261648f050807e82009493e39fa32c0748576b3df76d8aaaa117103e" score = 75 - quality = 26 + quality = 51 tags = "LINUXMALWARE, FILE" Author = "Adam M. Swanda" @@ -69487,7 +69885,7 @@ rule DEADBITS_Jsworm : MALWARE FILE license_url = "N/A" logic_hash = "99074e25ec15c5b25fa41bef19203f5ddc227acd51fadca1e2c3ece538b3da01" score = 75 - quality = 53 + quality = 78 tags = "MALWARE, FILE" strings: @@ -69523,7 +69921,7 @@ rule DEADBITS_Watchdog_Botnet : BOTNET LINUXMALWARE EXPLOITATION CVE_2019_11581 license_url = "N/A" logic_hash = "aea8afdf118b79f701941ddd4306ee0f1c947ea59de5485ff977beff95e06d35" score = 75 - quality = 53 + quality = 78 tags = "BOTNET, LINUXMALWARE, EXPLOITATION, CVE_2019_11581, CVE_2019_10149" Author = "Adam M. Swanda" 
@@ -69748,10 +70146,10 @@ rule DEADBITS_APT34_PICKPOCKET : APT APT34 INFOSTEALER WINMALWARE FILE * YARA Rule Set * Repository Name: DelivrTo * Repository: https://github.com/delivr-to/detections - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: f85e1d0c477cbf4689d1cfe4a80049c465673b23 - * Number of Rules: 13 - * Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance) + * Number of Rules: 12 + * Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance) * * * LICENSE @@ -69795,7 +70193,7 @@ rule DELIVRTO_SUSP_ZPAQ_Archive_Nov23 : FILE license_url = "N/A" logic_hash = "348144ee7137def00b37e074507e8148e51d34c484802a56bcd6e090d4628f18" score = 40 - quality = 55 + quality = 80 tags = "FILE" strings: 
@@ -69992,30 +70390,6 @@ rule DELIVRTO_SUSP_ZIP_Smuggling_Jun01 : FILE condition: uint32( 0 ) == 0x04034b50 and #lfh > 0 and #lfh <= 10 and #eocd == 1 and uint16( @lfh [ #lfh ] + 26 ) <= 256 and uint16( @lfh [ #lfh ] + 28 ) <= 256 and uint32( @lfh [ #lfh ] + 18 ) > 0 and uint32( @lfh [ #lfh ] + 18 ) < 100000000 and uint32( @eocd [ 1 ] + 16 ) > @lfh [ #lfh ] and ( uint32( @eocd [ 1 ] + 16 ) - ( @lfh [ #lfh ] + 30 + uint16( @lfh [ #lfh ] + 26 ) + uint16( @lfh [ #lfh ] + 28 ) + uint32( @lfh [ #lfh ] + 18 ) ) ) > 64 } -rule DELIVRTO_SUSP_ZIP_Smuggling_Egg_Jun01 : FILE -{ - meta: - description = "ZIP archives with known egghunter byte sequence from Octoberfest7 zip_smuggling tool between end of file content and central directory." - author = "delivr.to" - id = "0b6fb9ca-8c1c-5a5f-a159-c190848143c6" - date = "2025-06-01" - modified = "2025-06-01" - reference = "https://github.com/Octoberfest7/zip_smuggling/" - source_url = "https://github.com/delivr-to/detections/blob/f85e1d0c477cbf4689d1cfe4a80049c465673b23/yara-rules/zip_smuggling.yar#L49-L82" - license_url = "N/A" - logic_hash = "6e22f3758a8c16ba64a9a01b82eb1cc1edcb1a6c4c7c4cf4633b741db494e283" - score = 75 - quality = 78 - tags = "FILE" - - strings: - $lfh = { 50 4B 03 04 } - $eocd = { 50 4B 05 06 } - $egg = { 55 55 55 55 } - - condition: - uint32( 0 ) == 0x04034b50 and #lfh > 0 and #lfh <= 10 and #eocd == 1 and #egg > 0 and $egg in ( @lfh [ #lfh ] + 30 + uint16( @lfh [ #lfh ] + 26 ) + uint16( @lfh [ #lfh ] + 28 ) + uint32( @lfh [ #lfh ] + 18 ) .. uint32( @eocd [ 1 ] + 16 ) ) -} rule DELIVRTO_SUSP_Onenote_Win_Script_Encoding_Feb23 : FILE { meta: @@ -70067,7 +70441,7 @@ rule DELIVRTO_SUSP_Msg_CVE_2023_23397_Mar23 : CVE_2023_23397 FILE * YARA Rule Set * Repository Name: ESET * Repository: https://github.com/eset/malware-ioc - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 266938e95240a83d965971095f513d465f53c182 * Number of Rules: 99 * Skipped: 0 (age), 8 (quality), 1 (score), 0 (importance) 
@@ -72602,7 +72976,7 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE description = "Matches the function used to decrypt resources headers in TA410 FlowCloud" author = "ESET Research" id = "403c1845-bc25-5a49-8553-8a0be18d6970" - date = "2025-01-02" + date = "2025-01-04" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" source_url = "https://github.com/eset/malware-ioc/blob/266938e95240a83d965971095f513d465f53c182/ta410/ta410.yar#L417-L496" @@ -73663,7 +74037,7 @@ rule ESET_Richheaders_Lazarus_Nukesped_Iconicpayloads_3CX_Q12023 * YARA Rule Set * Repository Name: FireEye-RT * Repository: https://github.com/mandiant/red_team_tool_countermeasures/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b * Number of Rules: 167 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -75084,7 +75458,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_2 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "5a2e0559e3b47c1957a42929fbbeba7a53c21619125381b01dcd8453b6ec4802" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -75108,7 +75482,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_3 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "41cc6a4c7765b1e5e88d12660b69e434c83938ca974b9ccf6545b4dd5dd78378" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -75409,7 +75783,7 @@ rule FIREEYE_RT_Hacktool_PY_Impacketobfuscation_2 hash = "f3dd8aa567a01098a8a610529d892485" logic_hash = "ccbbe507798f16c7acf0780770fdb81b2e7dc333ab8bc51e6216816276c3f14b" score = 75 - quality = 50 + quality = 75 tags = "" rev = 2 
@@ -77215,7 +77589,7 @@ rule FIREEYE_RT_APT_Loader_MSIL_LUALOADER_1 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "2d73d434ac39ebde990aca817a54208cd04bfbce33f1bcadcf48a50d9389658c" score = 75 - quality = 75 + quality = 50 tags = "FILE" strings: @@ -77315,7 +77689,7 @@ rule FIREEYE_RT_Hacktool_MSIL_Puppyhound_1 : FILE hash = "eeedc09570324767a3de8205f66a5295" logic_hash = "39073bbfef15ecd28c1772e5d01e54c3d5774ecb4c90f0076bda5dc400abacba" score = 75 - quality = 50 + quality = 75 tags = "FILE" rev = 6 @@ -77665,7 +78039,7 @@ rule FIREEYE_RT_APT_Loader_Win_PGF_1 : FILE hash = "013c7708f1343d684e3571453261b586" logic_hash = "9dede268d33a38e980026917bd01bc47a72bfe60ba4a999c91eb727a2f377462" score = 75 - quality = 48 + quality = 73 tags = "FILE" rev = 6 @@ -78361,7 +78735,7 @@ rule FIREEYE_RT_APT_Hacktool_MSIL_SHARPSTOMP_1 : FILE * YARA Rule Set * Repository Name: GCTI * Repository: https://github.com/chronicle/GCTI - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb * Number of Rules: 90 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -81578,7 +81952,7 @@ rule GCTI_Cobaltstrike_Resources__Template_Vbs_V3_3_To_V4_X * YARA Rule Set * Repository Name: Malpedia * Repository: https://github.com/malpedia/signator-rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 6558c417dcf07146b1309b6acde6be0aa96dea10 * Number of Rules: 1468 * Skipped: 0 (age), 16 (quality), 0 (score), 0 (importance) @@ -142602,7 +142976,7 @@ rule MALPEDIA_Win_Chir_Auto : FILE * YARA Rule Set * Repository Name: Trellix ARC * Repository: https://github.com/advanced-threat-research/Yara-Rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 1919562a59f190bda60c982424f6a24c542ee3e0 * Number of Rules: 163 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -148496,7 +148870,7 @@ rule TRELLIX_ARC_Backdoorfckg : CTB_LOCKER_RANSOMWARE RANSOMWARE * YARA Rule Set * Repository Name: Arkbird SOLG * Repository: https://github.com/StrangerealIntel/DailyIOC - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7 * Number of Rules: 215 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -155605,7 +155979,7 @@ rule ARKBIRD_SOLG_APT_Chisel_Hafnium_Feb_2021_1 : FILE * YARA Rule Set * Repository Name: Telekom Security * Repository: https://github.com/telekom-security/malware_analysis/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c * Number of Rules: 12 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) @@ -155973,7 +156347,7 @@ rule TELEKOM_SECURITY_Win_Systembc_20220311 : FILE * YARA Rule Set * Repository Name: Volexity * Repository: https://github.com/volexity/threat-intel - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: c24b8d9bea44ac757193a3152b1fd9dbf34fe503 * Number of Rules: 86 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -157367,7 +157741,7 @@ rule VOLEXITY_Webshell_Jsp_Godzilla : FILE MEMORY license_url = "https://github.com/volexity/threat-intel/blob/c24b8d9bea44ac757193a3152b1fd9dbf34fe503/LICENSE.txt" logic_hash = "52cba9545f662da18ca6e07340d7a9be637b89e7ed702dd58cac545c702a00e3" score = 75 - quality = 55 + quality = 80 tags = "FILE, MEMORY" hash1 = "2786d2dc738529a34ecde10ffeda69b7f40762bf13e7771451f13a24ab7fc5fe" os = "win,linux" 
@@ -157936,7 +158310,7 @@ rule VOLEXITY_Apt_Malware_Rb_Rokrat_Loader : INKYPINE FILE MEMORY license_url = "https://github.com/volexity/threat-intel/blob/c24b8d9bea44ac757193a3152b1fd9dbf34fe503/LICENSE.txt" logic_hash = "30ae14fd55a3ab60e791064f69377f3b9de9b871adfd055f435df657f89f8007" score = 75 - quality = 55 + quality = 80 tags = "INKYPINE, FILE, MEMORY" hash1 = "5bc52f6c1c0d0131cee30b4f192ce738ad70bcb56e84180f464a5125d1a784b2" os = "win" @@ -159156,7 +159530,7 @@ rule VOLEXITY_Apt_Win_Powerstar : CHARMINGKITTEN * YARA Rule Set * Repository Name: JPCERTCC * Repository: https://github.com/JPCERTCC/MalConfScan/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e * Number of Rules: 30 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -160000,7 +160374,7 @@ rule JPCERTCC_Elf_Wellmess : FILE * YARA Rule Set * Repository Name: SecuInfra * Repository: https://github.com/SIFalcon/Detection - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd * Number of Rules: 45 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -160552,7 +160926,7 @@ rule SECUINFRA_MALWARE_Emotet_Onenote_Delivery_Wsf_Mar23 license_url = "N/A" logic_hash = "ca48f5e694b18e3f0b89b0128817848a7d36f60d8a3ada522739849bf3f7126b" score = 75 - quality = 45 + quality = 70 tags = "" tlp = "CLEAR" hash0 = "dd9fcdcaf5c26fc27863c86aa65948924f23ab9faa261562cbc9d65ac80d33d4" @@ -161293,9 +161667,9 @@ rule SECUINFRA_SUSP_LNK_Staging_Directory : FILE * YARA Rule Set * Repository Name: RussianPanda * Repository: https://github.com/RussianPanda95/Yara-Rules - * Retrieval Date: 2025-11-02 - * Git Commit: 51411489a2f384df8a4983387b83c78bcca9afc6 - * Number of Rules: 87 + * Retrieval Date: 2025-11-04 + * Git Commit: bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf + * Number of Rules: 89 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) * * 
@@ -161312,7 +161686,7 @@ rule RUSSIANPANDA_Danabot date = "2023-12-01" modified = "2023-12-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/DanaBot/danabot_yara.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/DanaBot/danabot_yara.yar#L1-L17" license_url = "N/A" logic_hash = "4968531f27fa1a8bc3fca536a04b75277adefc42addb9f1999c564510cbcb684" score = 75 @@ -161340,7 +161714,7 @@ rule RUSSIANPANDA_Ducktail_Mainbot : FILE date = "2023-12-24" modified = "2023-12-26" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ducktail/ducktail_mainbot-12-2023.yar#L3-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Ducktail/ducktail_mainbot-12-2023.yar#L3-L19" license_url = "N/A" logic_hash = "33b85c6e1e1137aeeb07eba957b73d738a70ddc561b42bd2d39258e90280fca4" score = 75 @@ -161365,7 +161739,7 @@ rule RUSSIANPANDA_Ducktail : FILE date = "2023-04-25" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ducktail/ducktail.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Ducktail/ducktail.yar#L1-L16" license_url = "N/A" logic_hash = "cb248870f6945d7a6d60d54944dc726d40ba326448af39b87325ec56445602a5" score = 75 
@@ -161393,7 +161767,7 @@ rule RUSSIANPANDA_Ducktail_Myrdpservice_Bot : FILE date = "2023-12-24" modified = "2023-12-26" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ducktail/ducktail_myrdpservice-12-2023.yar#L3-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Ducktail/ducktail_myrdpservice-12-2023.yar#L3-L17" license_url = "N/A" logic_hash = "a329067fbb2acc34c4970167bbce0706c5a3ec09ee89ce16817c105ae1c17b1b" score = 75 @@ -161417,7 +161791,7 @@ rule RUSSIANPANDA_Solarphantom : FILE date = "2023-12-11" modified = "2023-12-11" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarphantom.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SolarMarker/solarphantom.yar#L1-L16" license_url = "N/A" logic_hash = "3b49d301e625d5abf1b726481a80d6a97d33acd3301c12964f2f37d37130c1b7" score = 75 @@ -161441,7 +161815,7 @@ rule RUSSIANPANDA_Solarmarker_Loader_PS2EXE : FILE date = "2024-01-04" modified = "2024-01-04" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarmarker_loader.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SolarMarker/solarmarker_loader.yar#L1-L17" license_url = "N/A" hash = "b45c31679c2516b38c7ff8c395f1d11d" logic_hash = "4f579f350c3320e7b811cae0efe7302e852f59adc02d805f64ba464f8a995f25" 
@@ -161466,7 +161840,7 @@ rule RUSSIANPANDA_Solardropper date = "2024-01-03" modified = "2024-01-03" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solardropper.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SolarMarker/solardropper.yar#L1-L15" license_url = "N/A" logic_hash = "5dccb7be94e814335c0c867f8b3dd8855043375fe9f1235d5519c690fc7df842" score = 75 @@ -161490,7 +161864,7 @@ rule RUSSIANPANDA_Solarmarker_First_Stage_Payload : FILE date = "2024-01-30" modified = "2024-01-30" reference = "https://x.com/luke92881/status/1751968350689771966?s=20" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarmarker_first_stage_payload.yar#L1-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SolarMarker/solarmarker_first_stage_payload.yar#L1-L21" license_url = "N/A" hash = "f53563541293a826738d3b8f1164ea43" logic_hash = "e704614782b0f3cba60c53413e889113d2d44f37e60801205e5ed5ff921b13ee" @@ -161521,7 +161895,7 @@ rule RUSSIANPANDA_Solarmarker_Loader : FILE date = "2024-01-04" modified = "2024-01-04" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarmarker_backdoor.yar#L3-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SolarMarker/solarmarker_backdoor.yar#L3-L19" license_url = "N/A" hash = "8eeefe0df0b057fc866b8d35625156de" logic_hash = "035eccb41f2ecdeb196003542c165cedad96e3e8e741511b4beda3dfe1ece74e" 
@@ -161544,7 +161918,7 @@ rule RUSSIANPANDA_Zharkbot : FILE date = "2024-09-02" modified = "2024-09-03" reference = "https://research.openanalysis.net/zharkbot/triage/x64dbg/2024/09/02/zharkbot-config.html" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/ZharkBot/Zharkbot.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/ZharkBot/Zharkbot.yar#L1-L15" license_url = "N/A" hash = "1aa0622a744ec4d28a561bac60ec5e907476587efbadfde546d2b145be4b8109" logic_hash = "fded6a0c7af4fda13619778669ef619f88b43e12f12284a3c551c4fddac01024" @@ -161568,7 +161942,7 @@ rule RUSSIANPANDA_Zharkbot_1 : FILE date = "2024-01-21" modified = "2024-03-12" reference = "https://x.com/ViriBack/status/1749184882822029564?s=20" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/ZharkBot/zharkbot.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/ZharkBot/zharkbot.yar#L1-L15" license_url = "N/A" hash = "d53ce8c0a8a89c2e3eb080849da8b1c47eaac614248fc55d03706dd5b4e10bdd" logic_hash = "ffaec6b19dd4385cd1bc156fdfde39a356367c7fba4135c48a8de62a18a78576" @@ -161592,7 +161966,7 @@ rule RUSSIANPANDA_Aurorastealer_1 date = "2023-02-07" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AuroraStealer/AuroraStealer.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AuroraStealer/AuroraStealer.yar#L1-L16" license_url = "N/A" logic_hash = "7a9900266a0dfa7bf0ea91a0260a1d30bd7799a491fba87db083f4fea4115f2a" score = 50 
@@ -161616,7 +161990,7 @@ rule RUSSIANPANDA_Aurorastealer_March_2023 date = "2023-03-23" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AuroraStealer/Aurora_March_2023.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AuroraStealer/Aurora_March_2023.yar#L1-L15" license_url = "N/A" logic_hash = "d74d2843a03e826f334ce3c5eb10cc2b43cfd832174769e5d067fb877abe13a0" score = 75 @@ -161639,7 +162013,7 @@ rule RUSSIANPANDA_Susp_Obf_Py_Marshal_Module : FILE date = "2024-01-16" modified = "2024-01-16" reference = "https://www.trendmicro.com/fr_fr/research/23/j/infection-techniques-across-supply-chains-and-codebases.html" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/susp_obf_py_marshal_module.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Techniques/susp_obf_py_marshal_module.yar#L1-L18" license_url = "N/A" hash = "d740129ff6bdb65a324eadf4ac8de3893a54306cf2a11712a305ef6247204092" logic_hash = "f150fae6d7a4642f714f4620dab65f452e5eb9cb57e9cbea46010aac3ecbb3cb" @@ -161666,7 +162040,7 @@ rule RUSSIANPANDA_Check_Installed_Software : FILE date = "2024-01-14" modified = "2024-01-15" reference = "https://unprotect.it/technique/checking-installed-software/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/check_installed_software.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Techniques/check_installed_software.yar#L1-L19" license_url = "N/A" hash = "db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07" logic_hash = "ab079f1edaffca5bce1e872d6e4fc44f7c22b9260feaed7cd38e578646d420ef" 
@@ -161692,7 +162066,7 @@ rule RUSSIANPANDA_Win_Sus_Internetshortcutfile date = "2024-02-17" modified = "2024-02-17" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/win_sus_InternetShortcutFile.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Techniques/win_sus_InternetShortcutFile.yar#L1-L19" license_url = "N/A" logic_hash = "9ec321ba521949fcc1db09b843913424182bfbb14eac61e92b7132d88b275ceb" score = 65 @@ -161722,7 +162096,7 @@ rule RUSSIANPANDA_Golang_Base64_Enc : FILE date = "2024-01-10" modified = "2024-01-14" reference = "https://unprotect.it/technique/base64/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/golang_base64_enc.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Techniques/golang_base64_enc.yar#L1-L18" license_url = "N/A" hash = "509a359b4d0cd993497671b91255c3775628b078cde31a32158c1bc3b2ce461c" logic_hash = "72cf3ee948df9c4ce593f16a49397e79fdc5ecc3264b3685bbc54f60ed1278bd" @@ -161749,7 +162123,7 @@ rule RUSSIANPANDA_Andeloader date = "2023-12-11" modified = "2023-12-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AndeLoader/ande_loader.yar#L3-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AndeLoader/ande_loader.yar#L3-L18" license_url = "N/A" logic_hash = "cd55153077e5cfbd84cbe5b062dbd842def245417acfea4ed6c2b1db702dcc81" score = 75 
@@ -161773,7 +162147,7 @@ rule RUSSIANPANDA_Whitesnakestealer : FILE date = "2023-07-04" modified = "2023-12-11" reference = "https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WhiteSnake-Stealer/WhiteSnake_xor.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/WhiteSnake-Stealer/WhiteSnake_xor.yar#L1-L15" license_url = "N/A" logic_hash = "0bd0e250b8598be297296ecf6644d3bf649e3dc4598438325a0913afed04c819" score = 75 @@ -161796,7 +162170,7 @@ rule RUSSIANPANDA_Whitesnakestealer_1 : FILE date = "2023-07-04" modified = "2023-12-11" reference = "https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WhiteSnake-Stealer/WhiteSnake_rc4.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/WhiteSnake-Stealer/WhiteSnake_rc4.yar#L1-L17" license_url = "N/A" logic_hash = "24985a2c3b0d72858decd17cb2b8e485caa94c01ad72a014edc68ed4facfd71e" score = 75 @@ -161821,7 +162195,7 @@ rule RUSSIANPANDA_Obfuscation_Powershell_Special_Chars date = "2024-01-12" modified = "2024-02-02" reference = "https://perl-users.jp/articles/advent-calendar/2010/sym/11" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PowerShell Obfuscation/obfuscation_powershell_special_chars.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/PowerShell Obfuscation/obfuscation_powershell_special_chars.yar#L1-L15" license_url = "N/A" hash = "d77efad78ef3afc5426432597ba129141952719846bc5ccd058249bb23d8a905" logic_hash = "4cc4ebffe7bf712b412a060536acc51d94381d24b46e5494195ae17482076cd6" 
@@ -161847,7 +162221,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader : FILE date = "2024-04-04" modified = "2024-04-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Koi/win_mal_Koi_loader.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Koi/win_mal_Koi_loader.yar#L1-L14" license_url = "N/A" hash = "47e208687c2fb40bdbaa17e368aaa1bd" logic_hash = "4f909865c6d274804c3fa7f66822d7bea71bb93e7c6a422ebaf220df056ac095" @@ -161873,7 +162247,7 @@ rule RUSSIANPANDA_Win_Mal_Koistealer_PS date = "2024-04-04" modified = "2024-04-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Koi/win_mal_KoiStealer_PS.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Koi/win_mal_KoiStealer_PS.yar#L1-L12" license_url = "N/A" hash = "4f55be0b55ec67dfda42b88e9c743a2a" logic_hash = "8a60a1d770eb4b5048762ddfd4657fdf7a430b09eb454ae5a5bb3103460907db" @@ -161897,7 +162271,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader_Decrypted : FILE date = "2024-04-04" modified = "2024-04-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Koi/win_mal_Koi_loader_decrypted.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Koi/win_mal_Koi_loader_decrypted.yar#L1-L12" license_url = "N/A" hash = "1901593e0299930d46b963866f33a93b" logic_hash = "f73ada7185ff109afe1e186a0fb7b4420b3d0e04c93c7c5423243db97eb34e49" 
@@ -161921,7 +162295,7 @@ rule RUSSIANPANDA_Win_Mal_Planetstealer : FILE date = "2024-03-04" modified = "2024-03-24" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PlanetStealer/win_mal_PlanetStealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/PlanetStealer/win_mal_PlanetStealer.yar#L1-L14" license_url = "N/A" logic_hash = "e1660d6fed4c48b45b40bd51fb52254c5b19ca6f1938b68f2344bde473820b86" score = 75 @@ -161947,7 +162321,7 @@ rule RUSSIANPANDA_Ghostgambit : FILE date = "2024-07-09" modified = "2024-07-09" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GhostGambit/GhostGambit.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/GhostGambit/GhostGambit.yar#L1-L14" license_url = "N/A" hash = "2b16c68d9bafbd2ecf3634d991d7c794" logic_hash = "419efbea3c347d0ec9365c0c21cccb6f229f8c42d22a2bcfdf14854e7f83aea1" @@ -161974,7 +162348,7 @@ rule RUSSIANPANDA_Illyrianstealer : FILE date = "2024-01-08" modified = "2024-01-08" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/IllyrianStealer/illyrian_stealer.yar#L2-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/IllyrianStealer/illyrian_stealer.yar#L2-L18" license_url = "N/A" hash = "fae0aed6173804e8c22027cbb0c121eedd927f16ea7e2b23662dbe6e016980e8" logic_hash = "2012d401d3e7ce2d4d6ea12ed01a30b7d3e18f4ed47dbf70d43bae6c328960ea" 
@@ -162000,7 +162374,7 @@ rule RUSSIANPANDA_Win_Mal_Gobitloader : FILE date = "2024-03-24" modified = "2024-03-24" reference = "https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GoBitLoader/win_mal_GoBitLoader.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/GoBitLoader/win_mal_GoBitLoader.yar#L1-L13" license_url = "N/A" logic_hash = "66951b290bef6a6c9eef4ea674472465dfe0ec5072dce21f48b58191f7ce90e3" score = 75 @@ -162024,7 +162398,7 @@ rule RUSSIANPANDA_Garystealer : FILE date = "2024-01-03" modified = "2024-01-03" reference = "https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GaryStealer/garystealer-1-3-2024.yar#L1-L20" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/GaryStealer/garystealer-1-3-2024.yar#L1-L20" license_url = "N/A" hash = "6efa29a0f9d112cfbb982f7d9c0ddfe395b0b0edb885c2d5409b33ad60ce1435" logic_hash = "f71655d0cb237c08af9c298ec9eec1ae9bd1efd50e26d61afddf9056b6883a15" @@ -162050,7 +162424,7 @@ rule RUSSIANPANDA_Truecrypt_Crypter : FILE date = "2024-01-06" modified = "2024-01-06" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/TrueCrypt/truecrypt_crypter.yar#L1-L27" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/TrueCrypt/truecrypt_crypter.yar#L1-L27" license_url = "N/A" hash = "167637397fb45ea19bafcf208d8f27dceec82caa7ab19d40ecdb08eb1b7d4f60" logic_hash = "68612c68053e9fb81d9616c04b04ac2e2cb685f3b7ed71f8b31e8f22e3a539e7" 
@@ -162081,7 +162455,7 @@ rule RUSSIANPANDA_Neptune_Loader : FILE date = "2024-01-17" modified = "2024-01-21" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/NeptuneLoader/neptune_loader.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/NeptuneLoader/neptune_loader.yar#L1-L18" license_url = "N/A" logic_hash = "ca54b8a624d48aa28bc727420f25e6f0fd67b193ac79443a357d88a9fe7cbdbb" score = 75 @@ -162109,7 +162483,7 @@ rule RUSSIANPANDA_Mal_Xred_Backdoor : FILE date = "2024-02-09" modified = "2024-02-09" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/XRed_Backdoor/mal_xred_backdoor.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/XRed_Backdoor/mal_xred_backdoor.yar#L1-L18" license_url = "N/A" hash = "9e1fbae3a659899dde8db18a32daa46a" logic_hash = "36d138a0efade1d5c075662dc528235fe66b49879730db78c4c7290fec7420b5" @@ -162137,7 +162511,7 @@ rule RUSSIANPANDA_AMOS_Stealer : FILE date = "2025-03-31" modified = "2025-04-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AMOS/amos_stealer.yar#L1-L24" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AMOS/amos_stealer.yar#L1-L24" license_url = "N/A" hash = "55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996" logic_hash = "64bf0753e2696633ed255df9350a01cb1e75fd6e6c0d4fe48194927acf7e2363" 
@@ -162161,7 +162535,7 @@ rule RUSSIANPANDA_AMOS_Stealer_1 : FILE date = "2025-04-11" modified = "2025-04-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AMOS/amos_stealer_4_25.yar#L1-L24" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AMOS/amos_stealer_4_25.yar#L1-L24" license_url = "N/A" hash = "55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996" logic_hash = "dffaf67bdfb8db07f69fb00720a6638e7a89db2acc1d848d635031a0aec5bdd3" @@ -162185,7 +162559,7 @@ rule RUSSIANPANDA_Mal_Cleanuploader : FILE date = "2024-02-14" modified = "2024-02-14" reference = "https://x.com/AnFam17/status/1757871703282077857?s=20" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/CleanUpLoader/mal_cleanuploader.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/CleanUpLoader/mal_cleanuploader.yar#L1-L14" license_url = "N/A" hash = "2b62dd154b431d8309002d5b4a35de07" logic_hash = "a9267c568c11420e36f0781469aa7d932c87d52707981912558eb0f4f84f673a" @@ -162210,7 +162584,7 @@ rule RUSSIANPANDA_Mal_Msedge_Dll_Virusloader : FILE date = "2024-01-19" modified = "2024-01-19" reference = "https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/virusloader/mal_msedge_dll_virusloader.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/virusloader/mal_msedge_dll_virusloader.yar#L1-L16" license_url = "N/A" hash = "ab2e3b07170ef1516af3af0d03388868" logic_hash = "659fd5fa3121fec5bf4cceb6f3dea95bf4cbcde7441d6f11c35288d8ad75a803" 
@@ -162235,7 +162609,7 @@ rule RUSSIANPANDA_Gh0Strat : FILE date = "2024-07-09" modified = "2024-07-09" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Gh0stRAT/Gh0stRAT.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Gh0stRAT/Gh0stRAT.yar#L1-L14" license_url = "N/A" hash = "678b06ecdbc9b186788cf960332566f9" logic_hash = "bc4bdad83a0e23273774c3d4812cabe9fa44897c8ff2e308004e03b4f1622cd5" 
@@ -162252,6 +162626,57 @@ rule RUSSIANPANDA_Gh0Strat : FILE condition: uint16( 0 ) == 0x5A4D and all of them } +rule RUSSIANPANDA_Supperbackdoor +{ + meta: + description = "Detects Supper backdoor" + author = "RussianPanda" + id = "bd2752c3-1072-5151-9bb9-dd094feb0772" + date = "2025-10-31" + modified = "2025-11-02" + reference = "https://github.com/RussianPanda95/Yara-Rules" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/VanillaTempest/win_mal_SupperBackdoor.yar#L1-L14" + license_url = "N/A" + hash = "bf2ba1f30ef8ca6f9946f6ec21118eff3c3442590bbedea150e2d670e78ab986" + logic_hash = "85577822ecb065a32fe9c0c3ce2e2d7892c263e6a21afc56a9f0a1dbe5218abe" + score = 75 + quality = 85 + tags = "" + + strings: + $s1 = "[DEBUG MAIN SOCKS] Starting Init SOCKS" + $s2 = "fail send data to target" + $s3 = "serv disconnect" + $s4 = "cmd.exe /C ping 1.1.1.1 -n 1 -w 3000" + + condition: + all of them +} +rule RUSSIANPANDA_Textshell : FILE +{ + meta: + description = "Detects TextShell Obfsucator" + author = "RussianPanda" + id = "48fe49be-a76e-5e6c-a69f-acbe73f4d175" + date = "2025-10-31" + modified = "2025-11-02" + reference = "https://github.com/RussianPanda95/Yara-Rules" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/VanillaTempest/win_mal_TextShell.yar#L1-L13" + license_url = "N/A" + hash = "cf44aa11a17b3dad61cae715f4ea27c0cbf80732a1a7a1c530a5c9d3d183482a" + logic_hash = "c8f84d7160d8cb3b76d06170af09c921893b6f4cd073a10b399d8f51199cef40" + score = 75 + quality = 85 + tags = "FILE" + + strings: + $s1 = {41 8B 04 84 48 03 ?? EB} + $s2 = {41 3B ?? 74 ?? FF C3 3B 5D 18 72} + $s3 = {FF 15 ?? ?? ?? ?? 48 8B} + + condition: + uint16( 0 ) == 0x5A4D and all of them and #s3 > 1000 +} rule RUSSIANPANDA_Win_Mal_Mpxdropper : FILE { meta: 
@@ -162261,7 +162686,7 @@ rule RUSSIANPANDA_Win_Mal_Mpxdropper : FILE date = "2024-03-01" modified = "2024-03-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MpxDropper/mal_win_MpxDropper.yar#L1-L11" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/MpxDropper/mal_win_MpxDropper.yar#L1-L11" license_url = "N/A" hash = "3a44a45afbfe5fc7cdeb3723e05c4e892b079abdb7d1e8d6fc70496ef0a14d5d" logic_hash = "e8d2672553c7f44e1cc177fad6596bd58b5c32a7541f91ce1207e6b21ef6e52d" @@ -162284,7 +162709,7 @@ rule RUSSIANPANDA_Pikabot_1 : FILE date = "2024-01-02" modified = "2024-01-02" reference = "https://research.openanalysis.net/pikabot/debugging/string%20decryption/2023/11/12/new-pikabot.html" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PikaBot/Pikabot_1-2-2024.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/PikaBot/Pikabot_1-2-2024.yar#L1-L16" license_url = "N/A" logic_hash = "f2dd26c23aba72c2b6b959fb411381b7d3a7466f94bf5259f57e96e44d3ee153" score = 75 @@ -162308,7 +162733,7 @@ rule RUSSIANPANDA_Meduzastealer : FILE date = "2024-01-01" modified = "2024-01-01" reference = "https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MeduzaStealer/MeduzaStealer_1-1-2024.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/MeduzaStealer/MeduzaStealer_1-1-2024.yar#L1-L16" license_url = "N/A" logic_hash = "0547e51abd04302c45f1319bc21046ade019bc98eb85d9cba67cb2109ff642eb" score = 75 
@@ -162333,7 +162758,7 @@ rule RUSSIANPANDA_Purelogs_Stealer_Initial_Dropper : FILE date = "2024-01-10" modified = "2024-01-10" reference = "https://russianpanda.com/2023/12/26/Pure-Logs-Stealer-Malware-Analysis/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Pure Logs Stealer/purelogs_stealer_initial_payload.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Pure Logs Stealer/purelogs_stealer_initial_payload.yar#L1-L19" license_url = "N/A" logic_hash = "0fe94c705b94f82163f952d0a29aac4689947a1d439bdc1847ee510c25cf2e40" score = 75 @@ -162360,7 +162785,7 @@ rule RUSSIANPANDA_Purelogs_Stealer_Core : FILE date = "2023-12-26" modified = "2024-01-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Pure Logs Stealer/purelogs_stealer_core.yar#L3-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Pure Logs Stealer/purelogs_stealer_core.yar#L3-L18" license_url = "N/A" logic_hash = "7388299ebcc70aeb86c46c29a787f790993a67148d9f3968def1109e45f69452" score = 75 @@ -162384,7 +162809,7 @@ rule RUSSIANPANDA_Win_Mal_Zloader : FILE date = "2024-03-10" modified = "2024-03-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Zloader/win_mal_Zloader.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Zloader/win_mal_Zloader.yar#L1-L13" license_url = "N/A" logic_hash = "9ac9e8ca4a6f84e1bccac2292705ee6ebbc1595eb3f40ed777f7973e9bda7fc1" score = 75 
@@ -162409,7 +162834,7 @@ rule RUSSIANPANDA_Win_Mal_Glorysprout_Stealer : FILE date = "2024-03-16" modified = "2024-03-16" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GlorySprout/win_mal_GlorySprout_Stealer.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/GlorySprout/win_mal_GlorySprout_Stealer.yar#L1-L13" license_url = "N/A" hash = "8996c252fc41b7ec0ec73ce814e84136be6efef898822146c25af2330f4fd04a" logic_hash = "c843f7924e69c1b9fc3676178aa630319fe25605deddcd73c4905c51cc97d7eb" @@ -162434,7 +162859,7 @@ rule RUSSIANPANDA_Sentinel_Stealer date = "2024-01-19" modified = "2024-01-19" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SentinelStealer/sentinel_stealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SentinelStealer/sentinel_stealer.yar#L1-L14" license_url = "N/A" hash = "3a540a8a81c5a5b452f154d7875423a3" logic_hash = "b9d72848842ea4d26544633bb83fccd17239b28493bde3f73341eb2004d8ee0c" @@ -162460,7 +162885,7 @@ rule RUSSIANPANDA_Workersdevbackdoor : FILE date = "2023-12-15" modified = "2024-01-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WorkersDevBackdoor/WorkDevBackdoor.yar#L3-L20" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/WorkersDevBackdoor/WorkDevBackdoor.yar#L3-L20" license_url = "N/A" logic_hash = "f92ad9dc657d87a47e539ea2ee896f9b86bb95e51a890a838c6e6b0efa5deb7d" score = 75 
@@ -162485,7 +162910,7 @@ rule RUSSIANPANDA_Workersdevbackdoor_PS : FILE date = "2023-12-15" modified = "2023-12-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WorkersDevBackdoor/WorkersDevBackdoor_PS.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/WorkersDevBackdoor/WorkersDevBackdoor_PS.yar#L1-L18" license_url = "N/A" logic_hash = "c71eed8fd7a44f3018150cc6ef55d10779093ed8e4c77fd9babcf9b1b9fadfda" score = 75 @@ -162512,7 +162937,7 @@ rule RUSSIANPANDA_Easycrypter : FILE date = "2024-01-05" modified = "2024-01-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/EasyCrypter/easycrypter.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/EasyCrypter/easycrypter.yar#L1-L16" license_url = "N/A" hash = "60063c99fda3b6c5c839ec1c310b03e8f9c7c8823f2eb7bf75e22c6d738ffa8f" logic_hash = "761ed4629150453009b76d9c2ad251754009b464550b92dab3395fa30422f6ef" @@ -162536,7 +162961,7 @@ rule RUSSIANPANDA_Smartapesg_JS_Netsupportrat_Stage2 : FILE date = "2024-01-11" modified = "2024-01-12" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SmartApeSG/SmartApeSG_JS_NetSupportRAT_stage2.yar#L1-L23" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SmartApeSG/SmartApeSG_JS_NetSupportRAT_stage2.yar#L1-L23" license_url = "N/A" hash = "67d8f84b37732cf85e05b327ad6b6a9f" logic_hash = "5a2afaa14d513e0a3c4e52acfb433e53a4541983a05d15318a217c14dc06453c" 
@@ -162565,7 +162990,7 @@ rule RUSSIANPANDA_Smartapesg_JS_Dropper_Stage1 : FILE date = "2024-01-11" modified = "2024-01-11" reference = "https://medium.com/walmartglobaltech/smartapesg-4605157a5b80" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SmartApeSG/SmartApeSG_JS_dropper_stage1.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SmartApeSG/SmartApeSG_JS_dropper_stage1.yar#L1-L18" license_url = "N/A" hash = "8769d9ebcf14b24a657532cd96f9520f54aa0e799399d840285311dfebe3fb15" logic_hash = "de7e4ec30c780699b46de7baf2a916fdb7331da2ee7c2d637422ea664cd03b82" @@ -162594,7 +163019,7 @@ rule RUSSIANPANDA_Darkgate_Autoit date = "2024-01-26" modified = "2024-01-26" reference = "https://yara.readthedocs.io/en/stable/writingrules.html?highlight=xor" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/DarkGate/darkgate_autoit.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/DarkGate/darkgate_autoit.yar#L1-L19" license_url = "N/A" hash = "e1803b01e3f187355dbeb87a0c91b76c" logic_hash = "dda6726d09035d6f61ca331d18ed37f032c6f6a5ab88e1754a21587f4c79ac87" @@ -162623,7 +163048,7 @@ rule RUSSIANPANDA_Mal_Narniarat : FILE date = "2024-02-02" modified = "2024-02-02" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/NarniaRAT/mal_NarniaRAT.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/NarniaRAT/mal_NarniaRAT.yar#L1-L16" license_url = "N/A" hash = "43f6c3f92a025d12de4c4f14afa5d098" logic_hash = "3ee8bf6b3970c6f56ca98c87752050217e350da160a650e1724b19f340bf0230" 
@@ -162651,7 +163076,7 @@ rule RUSSIANPANDA_Johnwalkertexasloader : FILE date = "2024-10-10" modified = "2024-10-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/JWTL/JohnWalkerTexasLoader.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/JWTL/JohnWalkerTexasLoader.yar#L1-L16" license_url = "N/A" hash = "3784fc39dc5c0dec08ad0a49bbbb990359e313a9fa87e6842fd67ed7cc1c0baa" logic_hash = "414be3219d12823639d140d132a9bbc2ca7bf8c44d0c560e4a49b76323be3f8a" @@ -162676,7 +163101,7 @@ rule RUSSIANPANDA_Johnwalkertexasloader_V2 : FILE date = "2024-10-15" modified = "2024-10-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/JWTL/JohnWalkerTexasLoader_v2.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/JWTL/JohnWalkerTexasLoader_v2.yar#L1-L16" license_url = "N/A" hash = "9f6bf0473f5541d84faad4c33a0bc5b1928fceb5938f2d6a7e6e02b7f0980341" logic_hash = "70cbf6cf0602dc8087f4845451d13d0043872733615050161c077e3346387873" 
@@ -162701,7 +163126,7 @@ rule RUSSIANPANDA_Raccoonstealer : FILE date = "2024-01-08" modified = "2024-01-08" reference = "https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-raccoon-stealer-v2-0" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/RaccoonStealer_v2/raccoonstealer_v2.3.1.1.yar#L1-L20" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/RaccoonStealer_v2/raccoonstealer_v2.3.1.1.yar#L1-L20" license_url = "N/A" hash = "c6d0d98dd43822fe12a1d785df4e391db3c92846b0473b54762fbb929de6f5cb" logic_hash = "ee2b39c1c2068b97e63a03330a2f9e2f12e53aaf9cfffb274acde2372a11fe45" @@ -162729,7 +163154,7 @@ rule RUSSIANPANDA_Raccoonstealerv2 : FILE date = "2023-04-17" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/RaccoonStealer_v2/raccoonstealerv2_2.1.0-4_build.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/RaccoonStealer_v2/raccoonstealerv2_2.1.0-4_build.yar#L1-L14" license_url = "N/A" logic_hash = "e2226f08753a3571045953363c04ec52de3c79cd0cd29e7ecb6afaf2ad573e4e" score = 50 @@ -162755,7 +163180,7 @@ rule RUSSIANPANDA_PSWSTEALER : FILE date = "2023-04-02" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PSWSTEALER/pswstealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/PSWSTEALER/pswstealer.yar#L1-L14" license_url = "N/A" logic_hash = "7d85b0ccaa07419f22b9f38a4bc66435cd689b21fa7e4584ef8bea485b6bd2c1" score = 75 
@@ -162780,7 +163205,7 @@ rule RUSSIANPANDA_Win_Mal_Xworm : FILE date = "2024-03-11" modified = "2024-03-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/XWorm/win_mal_XWorm.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/XWorm/win_mal_XWorm.yar#L1-L15" license_url = "N/A" hash = "fc422800144383ef6e2e0eee37e7d6ba" logic_hash = "c42544285517dc61628e8df2ee5ab6733924fbb2cc08b9b2df273eec0a401d90" @@ -162807,7 +163232,7 @@ rule RUSSIANPANDA_Win_Mal_Mmgrabber : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_mmgrabber.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/UNC4108/win_mal_mmgrabber.yar#L1-L14" license_url = "N/A" hash = "40ebd719aa66a88e261633887ed4e2c144bd11fbcc6f7793f9b32652cc5bf2d3" logic_hash = "149c81b3c1a33933da0c181b8e8a90f40ba5fd8961d6340470790eb375c9695b" @@ -162833,7 +163258,7 @@ rule RUSSIANPANDA_Win_Mal_Formgrabber : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_Formgrabber.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/UNC4108/win_mal_Formgrabber.yar#L1-L14" license_url = "N/A" hash = "33ea72b46af7bb2ecc0775f7536d3259f34bd7a13e298cac66649ee694097c2e" logic_hash = "649e2a5b018b79d3d8534baf8432924f7ee197f26aebbfd384dd613c31d1b035" 
@@ -162859,7 +163284,7 @@ rule RUSSIANPANDA_Win_Mal_Pregrabber : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_PreGrabber.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/UNC4108/win_mal_PreGrabber.yar#L1-L17" license_url = "N/A" hash = "f39319312a567fa771921d11ece66f3ce8996ba45f90d6fc89031b621535eb7e" logic_hash = "4fcf9c71d7e6b8b571f8452a19ccf0be6153def54ce6148915535a54711b0ff0" @@ -162888,7 +163313,7 @@ rule RUSSIANPANDA_Win_Mal_Chromium_App_Bound_Encryption_Decrypter : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_Chromium_app_bound_encryption_Decrypter.yar#L1-L26" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/UNC4108/win_mal_Chromium_app_bound_encryption_Decrypter.yar#L1-L26" license_url = "N/A" hash = "0f4dcfd8c9ada67a9b41033fc715d370399fd74ca94dbb8a1ea45b3785c88d02" logic_hash = "e871c9a6762c38baeed287e9350530c2c3cd02333b1830210ef74c258bd223b9" 
@@ -162926,7 +163351,7 @@ rule RUSSIANPANDA_Win_Mal_Juniperstealer : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_JuniperStealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/UNC4108/win_mal_JuniperStealer.yar#L1-L14" license_url = "N/A" hash = "44dc2777ee8dd6d5cd8ebb10e71caf73b330940131417b5fca2b174a264e19e3" logic_hash = "e3d05058bbb0e8e408f2b6cf24cb2462b6a3f237c3c464b891cda705b4968c02" @@ -162952,7 +163377,7 @@ rule RUSSIANPANDA_Win_Mal_Ghostweaver : FILE date = "2025-02-15" modified = "2025-02-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_GhostWeaver.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/UNC4108/win_mal_GhostWeaver.yar#L1-L13" license_url = "N/A" hash = "5051f0aa11da67e16797daa51992467ad45c5bf18dcd2e252e8aa63d3fce31bc" logic_hash = "6901fa0e7d5a911a0029536ac38d9a2a248fa72126114b10ea941cc8b4329d12" @@ -162977,7 +163402,7 @@ rule RUSSIANPANDA_Win_Mal_Stealc_V2 : FILE date = "2025-04-10" modified = "2025-04-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/StealC/win_mal_StealC_v2.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/StealC/win_mal_StealC_v2.yar#L1-L12" license_url = "N/A" hash = "bc7e489815352f360b6f0c0064e1d305db9150976c4861b19b614be0a5115f97" logic_hash = "1715ef4e1914a50d8f4a0644ddfd7f9bb2b6f0ec0dfc77615dce4dd5fc943166" 
@@ -163001,7 +163426,7 @@ rule RUSSIANPANDA_Jinxloader : FILE date = "2024-01-02" modified = "2024-01-02" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/JinxLoader/JinxLoader-1-2-2024.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/JinxLoader/JinxLoader-1-2-2024.yar#L1-L16" license_url = "N/A" hash = "6bd7ff5d764214f239af2bb58b368308c2d04f1147678c2f638f37a893995f71" logic_hash = "13dee435fb4d40c629c0a30b6f655b87f14b10a6f6acf61d00e6c692c9bb0ff1" @@ -163027,7 +163452,7 @@ rule RUSSIANPANDA_Prysmax_Stealer : FILE date = "2024-01-09" modified = "2024-01-10" reference = "https://www.cyfirma.com/outofband/new-maas-prysmax-launches-fully-undetectable-infostealer/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Prysmax Stealer/prysmax_stealer.yar#L1-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Prysmax Stealer/prysmax_stealer.yar#L1-L21" license_url = "N/A" logic_hash = "869eee7dd5209bdea98c248791b9ac911e3daabe6d440aa62aecefa43539a41c" score = 75 @@ -163055,7 +163480,7 @@ rule RUSSIANPANDA_Bandit_Stealer : FILE date = "2023-05-05" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/BanditStealer/bandit_stealer.yar#L3-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/BanditStealer/bandit_stealer.yar#L3-L21" license_url = "N/A" logic_hash = "304bf05a58d5b762ffe078457739188692f4f7109db929418832c4379b21ae72" score = 50 
@@ -163078,7 +163503,7 @@ rule RUSSIANPANDA_Fakebat_Powershell date = "2023-12-01" modified = "2023-12-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/FakeBat/fakebat_powershell.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/FakeBat/fakebat_powershell.yar#L1-L13" license_url = "N/A" logic_hash = "df6b30d97ac6c9b248fed0d901e8a0a6ad1d855483a5006b008b839d9961092a" score = 75 @@ -163101,7 +163526,7 @@ rule RUSSIANPANDA_Mal_Asuka_Stealer : FILE date = "2024-02-02" modified = "2024-03-18" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AsukaStealer/mal_asuka_stealer.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AsukaStealer/mal_asuka_stealer.yar#L1-L12" license_url = "N/A" logic_hash = "7974e0de821ddcafd4f00b27d587108f0d80f8a231dd0db4d2be4fa6ab44fef4" score = 75 @@ -163125,7 +163550,7 @@ rule RUSSIANPANDA_Atomic_Stealer : FILE date = "2024-01-13" modified = "2024-01-17" reference = "https://www.bleepingcomputer.com/news/security/macos-info-stealers-quickly-evolve-to-evade-xprotect-detection/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AtomicStealer/Atomic_Stealer.yar#L1-L27" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/AtomicStealer/Atomic_Stealer.yar#L1-L27" license_url = "N/A" hash = "dd8aa38c7f06cb1c12a4d2c0927b6107" logic_hash = "7601e508aeccba943b54e675212993920c984271f655e68c19efaf6d12cfebd5" 
@@ -163154,7 +163579,7 @@ rule RUSSIANPANDA_Lummac2 : FILE date = "2024-09-12" modified = "2024-09-12" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/LummaC2/LummaC2.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/LummaC2/LummaC2.yar#L1-L14" license_url = "N/A" hash = "988f54f9694dd1ae701bacec3b83c752" logic_hash = "875709f48ff93c8e986f3c1d2e32268bf3458d870082072e7727d8ec85b1a021" @@ -163178,7 +163603,7 @@ rule RUSSIANPANDA_Mal_Nitrogen : FILE date = "2024-02-04" modified = "2024-02-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Nitrogen/mal_nitrogen.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Nitrogen/mal_nitrogen.yar#L1-L15" license_url = "N/A" logic_hash = "642d5a16c7fb217a297bba683221de474eb028ac48ec8f52be897eaa056acb9b" score = 75 @@ -163206,7 +163631,7 @@ rule RUSSIANPANDA_Swaetrat date = "2023-11-27" modified = "2023-11-27" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SwaetRAT/swaetrat.yar#L3-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/SwaetRAT/swaetrat.yar#L3-L19" license_url = "N/A" logic_hash = "4dc1107a34d678c3fa0939fab7986fe744ac246400823d08b1ab6db0942821da" score = 75 
@@ -163231,7 +163656,7 @@ rule RUSSIANPANDA_Darkvnc : FILE date = "2024-01-15" modified = "2024-01-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/DarkVNC/darkvnc.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/DarkVNC/darkvnc.yar#L1-L15" license_url = "N/A" hash = "3c74dccd06605bcf527ffc27b3122959" logic_hash = "1dd1246e0b22181706433f0cff9b231017e747d8faaa2db4cb9adefeab492ab7" @@ -163257,7 +163682,7 @@ rule RUSSIANPANDA_Vidar_DLL_Embedded date = "2023-05-02" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/VidarStealer/vidar_ver3.6_3.7_dll_embedded.yar#L1-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/VidarStealer/vidar_ver3.6_3.7_dll_embedded.yar#L1-L21" license_url = "N/A" logic_hash = "98d23523c2ab196f670dc33164954fc69a1c1692fa870a476e25d7dd3cebace2" score = 75 @@ -163286,7 +163711,7 @@ rule RUSSIANPANDA_Win_Mal_Rustydropper : FILE date = "2024-03-01" modified = "2024-03-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/RustyDropper/win_mal_RustyDropper.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/RustyDropper/win_mal_RustyDropper.yar#L1-L12" license_url = "N/A" hash = "a3a5e7011335a2284e2d4f73fd464ff129f0c9276878a054c1932bc50608584b" logic_hash = "d0c76bcd1af63cc1b1fbabc3fa33e6caafd7d9c7c3780a94a1ed37eadef655d7" 
@@ -163310,7 +163735,7 @@ rule RUSSIANPANDA_Legionloader : FILE date = "2024-10-05" modified = "2024-12-30" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.satacom" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/LegionLoader/legionloader.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/LegionLoader/legionloader.yar#L1-L17" license_url = "N/A" hash = "3b630367b2942bd765f8a35bca47ea6b" logic_hash = "c833b22a6e87f6289e723a51ac9eb02848a4868c73ca9f568f6450e53c41a657" @@ -163335,7 +163760,7 @@ rule RUSSIANPANDA_Legionloader_Dropper : FILE date = "2024-09-23" modified = "2024-09-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.satacom" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/LegionLoader/LegionLoader_dropper.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/LegionLoader/LegionLoader_dropper.yar#L1-L17" license_url = "N/A" hash = "ef5b961ebc6167e728f9bf40e726ac71" logic_hash = "0871a6a0ab2c405793e8a49e662ba41acdcc6c8afac315f290de2cc05abd39fa" @@ -163360,7 +163785,7 @@ rule RUSSIANPANDA_Win_Ransom_Lockbit5 : FILE date = "2025-09-15" modified = "2025-09-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ransomware/win_ransom_lockbit5.0.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/Ransomware/win_ransom_lockbit5.0.yar#L1-L15" license_url = "N/A" hash = "7ea5afbc166c4e23498aa9747be81ceaf8dad90b8daa07a6e4644dc7c2277b82" logic_hash = "579944626f576ce9771b0a7de40a5766221acd5db1ef4257a45314a99714067d" 
@@ -163385,7 +163810,7 @@ rule RUSSIANPANDA_Mal_Botnetfenix_Payload : FILE date = "2024-02-02" modified = "2024-02-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/FenixBotnet/mal_BotnetFenix_Payload.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/FenixBotnet/mal_BotnetFenix_Payload.yar#L1-L16" license_url = "N/A" hash = "65a9575c50a96d04a3f649fe0f6b8ccd" logic_hash = "27f423b509ad8de0f8389c7b3e3bfec2eeb10c964aa8c70bad47cc4334df1a5e" @@ -163413,7 +163838,7 @@ rule RUSSIANPANDA_Mal_Fenixbotnet_Jse date = "2024-01-18" modified = "2024-02-02" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/FenixBotnet/mal_FenixBotnet_jse.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/FenixBotnet/mal_FenixBotnet_jse.yar#L1-L14" license_url = "N/A" hash = "a7fadf0050d4d0b2cefd808e16dfde69" logic_hash = "848c00361fba60e63e8ec4098404e87d4ba2b11d8489ad16d49c20fc653a5e45" @@ -163440,7 +163865,7 @@ rule RUSSIANPANDA_Metastealer date = "2023-11-16" modified = "2023-12-30" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MetaStealer/metastealer.yar#L2-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/MetaStealer/metastealer.yar#L2-L19" license_url = "N/A" logic_hash = "f78b376713daf82aa2e0cbd6bf45f33d25530449fa05673c8a7c6b4c0dddca79" score = 75 
@@ -163467,7 +163892,7 @@ rule RUSSIANPANDA_Metastealer_Core_Payload date = "2023-12-29" modified = "2023-12-29" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MetaStealer/metastealer_core_payload_12-2023.yar#L2-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/MetaStealer/metastealer_core_payload_12-2023.yar#L2-L19" license_url = "N/A" logic_hash = "99a319023f2c1b714a70458bd33649d6cc343b500a409af12c2eb1ce38ba4241" score = 75 @@ -163493,7 +163918,7 @@ rule RUSSIANPANDA_Metastealer_NET_Reactor_Packer : FILE date = "2023-12-29" modified = "2023-12-30" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MetaStealer/metastealer_12-2023_packer.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/MetaStealer/metastealer_12-2023_packer.yar#L1-L16" license_url = "N/A" logic_hash = "1951d8b05f11b8a77a5bf792ad2b0ad95b8dede936ab5cd0699383468c3c97a8" score = 75 @@ -163519,7 +163944,7 @@ rule RUSSIANPANDA_Purecrypter_Core : FILE date = "2024-01-09" modified = "2024-01-09" reference = "https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PureCrypter/purecrypter_core.yar#L3-L28" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/PureCrypter/purecrypter_core.yar#L3-L28" license_url = "N/A" hash = "e4faa7d7a098414449abffb210fd874798207ee9d27643c8088676ff429b56b7" logic_hash = "8c761a98369436ffbe1379152461753778985a42ae656567018b47c71af7d866" 
@@ -163550,7 +163975,7 @@ rule RUSSIANPANDA_Purecrypter : FILE date = "2024-01-09" modified = "2024-01-09" reference = "https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PureCrypter/purecrypter.yar#L3-L22" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/bf5ed3a626a4adbb6f53a2f5c369ba2e0e47adbf/PureCrypter/purecrypter.yar#L3-L22" license_url = "N/A" hash = "566d8749e166436792dfcbb5e5514f18c9afc0e1314833ac2e3d86f37ff2030f" logic_hash = "dd8592fa0b7d240d23235008601500a20e068032f6dcd6e90a38b06ac747b8af" @@ -163572,7 +163997,7 @@ rule RUSSIANPANDA_Purecrypter : FILE * YARA Rule Set * Repository Name: Check Point * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 4 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -163786,7 +164211,7 @@ rule CHECK_POINT_Injector_ZZ_Dotrunpex_Oldnew : FILE * YARA Rule Set * Repository Name: Dragon Threat Labs * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 7 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -163977,7 +164402,7 @@ rule DRAGON_THREAT_LABS_Apt_Win_Mocelpa * YARA Rule Set * Repository Name: Microsoft * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 21 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -164580,7 +165005,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE * YARA Rule Set * Repository Name: NCSC * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 17 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -165050,7 +165475,7 @@ rule NCSC_Sparrowdoor_Sleep_Routine * YARA Rule Set * Repository Name: Dr4k0nia * Repository: https://github.com/dr4k0nia/yara-rules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8 * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -165228,7 +165653,7 @@ rule DR4K0NIA_MAL_MSIL_NET_Typhonlogger_Jul23 : FILE * YARA Rule Set * Repository Name: EmbeeResearch * Repository: https://github.com/embee-research/Yara-detection-rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4 * Number of Rules: 39 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance) @@ -166309,7 +166734,7 @@ rule EMBEERESEARCH_Win_Havoc_Djb2_Hashing_Routine_Oct_2022 : FILE * YARA Rule Set * Repository Name: AvastTI * Repository: https://github.com/avast/ioc - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: e385a6358edfd0d107b3bb53b384aa2926af22e1 * Number of Rules: 33 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -167172,7 +167597,7 @@ rule AVASTTI_Cobaltstrike_Beacon_Xored_X64 * YARA Rule Set * Repository Name: SBousseaden * Repository: https://github.com/sbousseaden/YaraHunts/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb * Number of Rules: 37 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) 
@@ -167650,8 +168075,8 @@ rule SBOUSSEADEN_Adsync_Creddump_Wide source_url = "https://github.com/sbousseaden/YaraHunts//blob/71b27a2a7c57c2aa1877a11d8933167794e2b4fb/hunt_capab_credentials_access.yara#L45-L67" license_url = "N/A" logic_hash = "e8b0ff1fa9117a98799239d37c5a0ae8be25c2c2519c4fc2a1d7f085a9ebe2e1" - score = 75 - quality = 75 + score = 60 + quality = 45 tags = "" strings: @@ -168278,7 +168703,7 @@ rule SBOUSSEADEN_Hunt_Susp_Vhd : FILE * YARA Rule Set * Repository Name: Elceef * Repository: https://github.com/elceef/yara-rulz - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 791721372091836f5bf477d7f21114f45a310052 * Number of Rules: 19 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -168753,7 +169178,7 @@ rule ELCEEF_OLE2_Autoopen_Reversed_Payload : FILE license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE" logic_hash = "425750e77d31ddc356f803ee6e2f192f93f64534a9633fef02da5caaa60dbcaf" score = 65 - quality = 42 + quality = 67 tags = "FILE" strings: @@ -168810,7 +169235,7 @@ rule ELCEEF_Outlook_CVE_2023_23397_Exploit : FILE license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE" logic_hash = "695721ec276415c6a6a0f4ce6378ff2d11c15d28271f587966bc3d9d8c06f63a" score = 75 - quality = 25 + quality = 50 tags = "FILE" hash1 = "52dbaf64ce1a5cd1db9a9d385f8204e5f665ca53a3d904033bf1a10369490646" hash2 = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf" @@ -168832,7 +169257,7 @@ rule ELCEEF_Outlook_CVE_2023_23397_Exploit : FILE * YARA Rule Set * Repository Name: GodModeRules * Repository: https://github.com/Neo23x0/god-mode-rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 436dc682164cf17a123d6b09d1424e7e2acf0c25 * Number of Rules: 1 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -169103,7 +169528,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule * YARA Rule Set * Repository Name: Cod3nym * Repository: https://github.com/cod3nym/detection-rules/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 5939dadd34ebd3c111f97ba0bc0085b639e142a5 * Number of Rules: 13 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -169560,7 +169985,7 @@ rule COD3NYM_MAL_NET_Niximports_Loader_Jan24 : FILE * YARA Rule Set * Repository Name: craiu * Repository: https://github.com/craiu/yararules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 23cf0ca22021fa3684e180a18416b9ae1b695243 * Number of Rules: 13 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -170725,10 +171150,10 @@ rule CRAIU_Crime_Noabot : FILE * YARA Rule Set * Repository Name: DitekSHen * Repository: https://github.com/ditekshen/detection - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: e76c93dcdedff04076380ffc60ea54e45b313635 - * Number of Rules: 1436 - * Skipped: 0 (age), 117 (quality), 0 (score), 0 (importance) + * Number of Rules: 1440 + * Skipped: 0 (age), 113 (quality), 0 (score), 0 (importance) * * * LICENSE 
@@ -171201,6 +171626,35 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE condition: 1 of ( $enc* ) and 4 of ( $s* ) and filesize < 2500KB } +rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_Hex_B64Encoded_EXE : FILE +{ + meta: + description = "Detects JavaScript files hex and base64 encoded executables" + author = "ditekSHen" + id = "37516c6b-0a77-5a20-a36f-5f8309b37362" + date = "2024-06-08" + modified = "2024-06-08" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_suspicious.yar#L726-L740" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "60185e6ec96875085ffb7a6bf6eb8643368bbce42b89290ab987eb32c1e153bd" + score = 40 + quality = 20 + tags = "FILE" + importance = 20 + + strings: + $s1 = ".SaveToFile" ascii + $s2 = ".Run" ascii + $s3 = "ActiveXObject" ascii + $s4 = "fromCharCode" ascii + $s5 = "\\x66\\x72\\x6F\\x6D\\x43\\x68\\x61\\x72\\x43\\x6F\\x64\\x65" ascii + $binary = "\\x54\\x56\\x71\\x51\\x41\\x41" ascii + $pattern = /[\s\{\(\[=]_0x[0-9a-z]{3,6}/ ascii + + condition: + $binary and $pattern and 2 of ( $s* ) and filesize < 2500KB +} rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE { meta: @@ -171499,7 +171953,7 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "04cbb1abc4c3d2990bae798ece052eb8aa1b5104b5712e98aeb80731316b9c57" score = 40 - quality = 20 + quality = 45 tags = "" importance = 20 
@@ -173072,8 +173526,8 @@ rule DITEKSHEN_INDICATOR_RTF_EXPLOIT_CVE_2017_8759_2 : CVE_2017_8759 FILE source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_office.yar#L240-L268" license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "15c9a5cfce5d1a797bab049352d8506b8bc112cabe2f510019f5d203690419e8" - score = 75 - quality = 75 + score = 40 + quality = 25 tags = "CVE-2017-8759, FILE" strings: @@ -173416,7 +173870,7 @@ rule DITEKSHEN_INDICATOR_RTF_Threadkit_Exploit_Builder_Document : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f2308ac6ae5345e0c783871dd6b471397ec83ba7194db5cc74c8984d84c2c0c2" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -173592,8 +174046,8 @@ rule DITEKSHEN_INDICATOR_OLE_Suspicious_MITRE_T1117 : T1117 FILE source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_office.yar#L678-L689" license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f0d97f4de8bde18299ee0caee680a15070a1faa99fc318d144a7b7918c8cbb1f" - score = 65 - quality = 75 + score = 50 + quality = 45 tags = "T1117, FILE" strings: @@ -173762,8 +174216,8 @@ rule DITEKSHEN_INDICATOR_OLE_Excel4Macros_DL2 : FILE source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_office.yar#L791-L812" license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "48ab27a2f81934f6f2f034ebcd40fc083b0d90850d12a951f03dab3a4c396ec6" - score = 75 - quality = 75 + score = 50 + quality = 45 tags = "FILE" strings: 
@@ -174197,7 +174651,7 @@ rule DITEKSHEN_INDICATOR_TOOL_PWS_Mimikatz : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "42c9c78c88bb7c427d5f0bf1d3b0113205780142b499eb17858037ded0f2971e" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -174325,7 +174779,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Avbypass_Aviator : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1fb497eec2b0cd4051b5ddd53463f1da511c0a7b72d54a0bc68736a99fdc6143" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -174504,7 +174958,7 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Eternalblue : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "63e56637118accb8c32c20e52465c027df2dbf83b3b663d316b453ce879572c8" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -175707,7 +176161,7 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Petitpotam01 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "37a9477b41560904e8874ecaf93eb2667b9450b5d42665677abc1442538f9000" score = 75 - quality = 50 + quality = 25 tags = "FILE" strings: @@ -175946,7 +176400,7 @@ rule DITEKSHEN_INDICATOR_TOOL_ENUM_Sharpshares : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8b35d6a692814e1b27ffc1db4ab124bf621c156aaf57f24796c422ec95a85715" score = 75 - quality = 25 + quality = 75 tags = "FILE" strings: 
@@ -176115,7 +176569,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Extpassword : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "525530cb7e9f44be0408fd710306f90056b1b6b9a9e4779d8c1eb1ddef443fb0" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -176202,7 +176656,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Atlasreaper : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "4a0436d5c3f1609d23b2b919bebdc56a7fd63e81b99e72dcda1022487cb88240" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -176777,7 +177231,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpghosttask : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3de8d9fe7804e208ff556b6bedbd80eebfda1a730626403418a555ad9fbbb820" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -191124,7 +191578,7 @@ rule DITEKSHEN_INDICATOR_RMM_Connectwise_Screenconnect : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "43003f97c33c631a2806ce2b82b2367d2452ceb21b0267b5dfe78b350b66924a" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.ConnectWise-ScreenConnect" @@ -191472,7 +191926,7 @@ rule DITEKSHEN_INDICATOR_RMM_Atera : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "dbc37a941b38d36ea9bc31880c3cba6cd2b88b534583e86741f7686fcb410235" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.Atera" 
@@ -191653,7 +192107,7 @@ rule DITEKSHEN_INDICATOR_RMM_Dwagentsvc : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "590d41d2e433a7a1bb373fbd0b0d47818a9867bee0399101881b05e83b586f6e" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.DWAgent-SVC" @@ -193532,7 +193986,7 @@ rule DITEKSHEN_MALWARE_Win_Obliquerat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0b8bbf031364b828a972c52e1a8985ff65601ca7413e6e7ae3a5be981f086b9e" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -193780,7 +194234,7 @@ rule DITEKSHEN_MALWARE_Linux_Hiddenwasp : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a2aad022de41ba2633fc92a7dc5a5fa2efde9da2211cfc01fb2999e33365d6c9" score = 75 - quality = 46 + quality = 71 tags = "FILE" clamav_sig1 = "MALWARE_Linux.Trojan.HiddenWasp-ELF" clamav_sig2 = "MALWARE_Linux.Trojan.HiddenWasp-Script" @@ -194180,7 +194634,7 @@ rule DITEKSHEN_MALWARE_Win_Robbinhood : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f1c4226ed5cb1583418d5ef0efc2c2b5bc3cfe7f148f359c5d432fd660331a46" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.Ransomware.Robbinhood" @@ -194758,7 +195212,7 @@ rule DITEKSHEN_MALWARE_DOC_Koadicdoc : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "9f0538e1faee737a08d403a7f321ce45bdc70b390accfe378ba0d26292509fd7" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: 
@@ -194786,7 +195240,7 @@ rule DITEKSHEN_MALWARE_BAT_Koadicbat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1ee6c0189a5111c61af1dbe571524427bff95a7e3907f97ce51d272a8f701cf5" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -194844,7 +195298,7 @@ rule DITEKSHEN_MALWARE_Win_NETEAGLE : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "148de0ca332d3885d94eae8d15eb4aaa2bc4950c691c0e8817c816b7d4c55510" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -194937,7 +195391,7 @@ rule DITEKSHEN_MALWARE_Win_Pillowmint : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "ed2597fce1c56d2e110790e0eb89834b1bb9f6f52d39105157c9ffe2ede6cc7a" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -195279,7 +195733,7 @@ rule DITEKSHEN_MALWARE_Win_Taurus : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6039c27e69b47dfcc1327c34306627d2d9bd57f6bd365bb80b47ad21f892ae8a" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -195358,7 +195812,7 @@ rule DITEKSHEN_MALWARE_Win_Slothfulmedia : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6f742e8d9d555b44daaa09835f599c99e16cd39bb106c8f43fbbca7093de462e" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -195468,7 +195922,7 @@ rule DITEKSHEN_MALWARE_Win_Osno : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3df59c306017001467a5f237db2ab37d97c34116558e18420a6a1f01f08f520f" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: 
@@ -195639,7 +196093,7 @@ rule DITEKSHEN_MALWARE_Win_Cryptbot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6322b8b1ad210fac4475c194e060046538d4174f69a7c0e3618646d262cd33bd" score = 75 - quality = 44 + quality = 69 tags = "FILE" snort2_sid = "920110" snort3_sid = "920108" @@ -195809,7 +196263,7 @@ rule DITEKSHEN_MALWARE_Win_Cobaltstrike : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "43513aef0ed715f0c214d7a14e465350f9c1bcadf87535e1c12561e976398bb3" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -195968,7 +196422,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginkeylogger : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "58ef1f7466fcc871be2e74aa447c76970fd90c9d9d345a896fb8e6335114d189" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.Trojan.CRAT" @@ -195998,7 +196452,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginclipboardmonitor : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c3e692a06388e143a8e1053e75a6eb6a82da5bdf26d38e3a0e339bc20d8312a1" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -196027,7 +196481,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginscreencapture : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "7b4378ae883d01338fabe2eb50a5509b722c661e63afc287afa07b263a0ebc42" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -196060,7 +196514,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginransomhansom : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "b22f6d22630f311241634513eb051df2b36af84a938c1ae1f5284e5a5d7d3077" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -196332,7 +196786,7 @@ rule DITEKSHEN_MALWARE_Win_Snakekeylogger : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "7d787026b290c3c6a43c7de83233f22980733e7401260ff2f763e6f1b534ecba" score = 75 - quality = 42 + quality = 67 tags = "FILE" clamav_sig = "MALWARE.Win.Trojan.SnakeKeylogger" @@ -197516,7 +197970,7 @@ rule DITEKSHEN_MALWARE_Osx_Genieo : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "951dc8539435a52d9eea00b3fdaf98cf618c03867066819f2f9244165e57c675" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Osx.Trojan.Genieo" @@ -198062,7 +198516,7 @@ rule DITEKSHEN_MALWARE_Win_Bobik : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "735dcb9e04956863305ca89a43686b8e48e3b20784ae9292cfc40d1c2c09d467" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.Trojan.Bobik" @@ -198589,7 +199043,7 @@ rule DITEKSHEN_MALWARE_Win_Trickbotmodule : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "4d06653dad5f8a18598855212548364b3c3d2b68b99784846b494fcb1d1c8df9" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -198634,6 +199088,33 @@ rule DITEKSHEN_MALWARE_Win_Gaudox : FILE condition: uint16( 0 ) == 0x5a4d and all of them } +rule DITEKSHEN_MALWARE_Win_Phobos : FILE +{ + meta: + description = "Detects Phobos ransomware" + author = "ditekshen" + id = "7bf659ef-f2a1-5ee2-a334-c233e26a2526" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L3895-L3908" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "bbf8eef0863e9d6423b3b0f938561b2be486b92b4f59b5d0b67f52dba536a582" + score = 75 + quality = 25 + tags = "FILE" + + strings: + $x1 = "\\\\?\\UNC\\\\\\e-" fullword wide + $x2 = "\\\\?\\ :" fullword wide + $x3 = "POST" fullword wide + $s1 = "ELVL" fullword wide + $s2 = /SUP\d{3}/ fullword wide + $s3 = { 41 31 47 ?? 41 2b } + + condition: + uint16( 0 ) == 0x5a4d and all of ( $x* ) and 1 of ( $s* ) +} rule DITEKSHEN_MALWARE_Win_Ratty : FILE { meta: 
@@ -198848,6 +199329,45 @@ rule DITEKSHEN_MALWARE_Win_WSHRATJS : FILE condition: filesize < 400KB and ( $charset_full or ( $charset_begin and $charset_end ) ) and 2 of ( $wsc_object* ) and 3 of ( $s* ) } +rule DITEKSHEN_MALWARE_Win_Asyncrat : FILE +{ + meta: + description = "Detects AsyncRAT" + author = "ditekSHen" + id = "6465b50d-8f1a-5c09-84fd-cd1e5994e68f" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L4047-L4074" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "073d4a8667fb1a48bf2bd503a551d7f78e38a6066feedc646d92c27fb7201fca" + score = 60 + quality = 35 + tags = "FILE" + + strings: + $x1 = "AsyncRAT" fullword ascii + $x2 = "AsyncRAT 0." wide + $x3 = /AsyncRAT\s[0-9]\.[0-9]\.[0-9][A-Z]/ fullword wide + $s1 = "/create /sc onlogon /rl highest /tn" fullword wide + $s2 = "/C choice /C Y /N /D Y /T 1 & Del \"" fullword wide + $s3 = "{{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }}" fullword wide + $s4 = "Stub.exe" fullword ascii wide + $s5 = "\\nuR\\noisreVtnerruC\\swodniW\\tfosorciM\\erawtfoS\\UCKH" ascii wide + $s6 = "VirtualBox" fullword ascii wide + $s7 = "/target:winexe /platform:x86 /optimize+" fullword ascii wide + $s8 = "Win32_ComputerSystem" ascii wide + $s9 = "Win32_Process Where ParentProcessID=" ascii wide + $s10 = "etirWgeR.llehShsW" ascii wide + $s11 = "usbSpread" fullword ascii wide + $cnc1 = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0" fullword ascii wide + $cnc2 = "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" fullword ascii wide + $cnc3 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" fullword 
ascii wide + $cnc4 = "POST / HTTP/1.1" fullword ascii wide + + condition: + (( uint16( 0 ) == 0x5a4d and filesize < 4000KB ) and ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) ) ) or ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) ) +} rule DITEKSHEN_MALWARE_Win_Quilclipper { meta: @@ -198996,7 +199516,7 @@ rule DITEKSHEN_MALWARE_Win_Corebot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "518209458fc8912d47b0b99896178fda823c3174c37f21d5e9331349a69322d7" score = 75 - quality = 25 + quality = 50 tags = "FILE" snort_sid = "920211-920212" @@ -199750,7 +200270,7 @@ rule DITEKSHEN_MALWARE_Win_EXEPWSH_Dlagent : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6380359db1ac775cea3ebb93f7cf22a92d2f2e634c6aa724e2814c10d4ed42f5" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -200117,7 +200637,7 @@ rule DITEKSHEN_MALWARE_Win_Maktub : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "5c11d04fc3088eb8a0132b9ed83748ddb7e1bbe9d03b9e884d4003181cbb6d69" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -200633,7 +201153,7 @@ rule DITEKSHEN_MALWARE_Win_Njrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "92d535a7c7f361b7a0901d0b99427ebc82a69577bfea73c04a7f9d51d2054b36" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -200788,7 +201308,7 @@ rule DITEKSHEN_MALWARE_Win_Karkoff : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e9b6ba5be2b3cd0faa898347e57cee5a57b80b19842c3a1ddb42d620307c8b39" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -200971,7 +201491,7 @@ rule DITEKSHEN_MALWARE_Win_Ranumbot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a9c32445e62d072e4184d25497696ef6225edb176dc7a9743a54194d4ddb4b0c" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -201580,7 +202100,7 @@ rule DITEKSHEN_MALWARE_Win_Buterat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c3d93e8dc1bde8e77c11586c8d8b67d137ef2c4791e12269f1af310fbe14832b" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -201698,7 +202218,7 @@ rule DITEKSHEN_MALWARE_Win_Browsergrabber : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c96a63566280758d8c32542bfab3c6faa7d21329430345f51ea4c2f0a6809dc2" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -202080,7 +202600,7 @@ rule DITEKSHEN_MALWARE_Win_Wingo : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "423b1631ad625fd46a9d10f0ecdf24931cf62a2c1694da3ebdd38daad0a4f724" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -202194,7 +202714,7 @@ rule DITEKSHEN_MALWARE_Win_Gelsevirine : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "60d41d6d789f1cd2a7040d6535f13c69ea58a489035838f047b886e8f1f37f63" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: 
@@ -202402,7 +202922,7 @@ rule DITEKSHEN_MALWARE_Win_Markirat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "17b8bcfe8d2b4c87ff8e0bddb436e18029a3b28a5ad3994fe9bef359588d9cad" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -202687,7 +203207,7 @@ rule DITEKSHEN_MALWARE_Win_Mercurial : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "400f8f717a4e07bf4de508c02bbcd9e82bf21f3df84c989fc622378f33e192f0" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -202872,7 +203392,7 @@ rule DITEKSHEN_MALWARE_Win_RSJON : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "abfea2955bf0d0b0511ea820582cc15fbcfc38dbed71fb2a0050cd98a9311cda" score = 75 - quality = 23 + quality = 48 tags = "FILE" strings: @@ -203755,7 +204275,7 @@ rule DITEKSHEN_MALWARE_Win_Bluebot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "04a19f649eb2fff7a5bc59ccead80cd0a04c4e5418cbc83e850045dba75b03e0" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -203861,7 +204381,7 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a07535fc53912ddde6a0bed187c21ecdb2701d317d7de0cbdd2db37071bc9a21" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -203888,6 +204408,49 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE condition: uint16( 0 ) == 0x5a4d and ( 4 of ( $x* ) or ( $go and 4 of ( $s* ) ) or ( 1 of ( $mac* ) and ( 2 of ( $x* ) or 3 of ( $s* ) ) ) ) } +rule DITEKSHEN_MALWARE_Win_Chaos : FILE +{ + meta: + description = "Detects Chaos ransomware" + author = "ditekSHen" + id = "59d43cfb-72d8-5c17-87bf-f1f364d23bed" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7404-L7433" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "6203ab09745db817b9e909d70cf1d5be9769c414461ee5f7bb344b6959986537" + score = 75 + quality = 44 + tags = "FILE" + + strings: + $s1 = "" fullword wide + $s2 = "" fullword wide + $s3 = "C:\\Users\\" fullword wide + $s4 = "read_it.txt" fullword wide + $s5 = "#base64Image" fullword wide + $s6 = "(?:[13]{1}[a-km-zA-HJ-NP-Z1-9]{26,33}|bc1[a-z0-9]{39,59})" fullword wide + $s7 = /check(Spread|Sleep|AdminPrivilage|deleteShadowCopies|disableRecoveryMode|deleteBackupCatalog)/ fullword ascii nocase + $s8 = /(delete|disable)(ShadowCopies|RecoveryMode|BackupCatalog)/ fullword ascii nocase + $s9 = "spreadName" fullword ascii + $s10 = "processName" fullword ascii + $s11 = "sleepOutOfTempFolder" fullword ascii + $s12 = "AlreadyRunning" fullword ascii + $s13 = "random_bytes" fullword ascii + $s14 = "encryptDirectory" fullword ascii nocase + $s15 = "EncryptFile" fullword ascii nocase + $s16 = "intpreclp" fullword ascii + $s17 = "bytesToBeEncrypted" fullword ascii + $s18 = "textToEncrypt" fullword ascii + $m1 = "Chaos is" wide + $m2 = "Payment informationAmount:" wide + $m3 = "Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com" wide + $m4 = "where do I get Bitcoin" wide + + condition: + uint16( 0 ) == 0x5a4d and 6 of ( $s* ) or all of ( $m* 
) or ( 2 of ( $m* ) and 4 of ( $s* ) ) +} rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE { meta: @@ -203901,7 +204464,7 @@ rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c0f499e3a17923b391ed6b7fa723525a9d4aef0ce04a2c7abec60d5eda15888f" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -205546,7 +206109,7 @@ rule DITEKSHEN_MALWARE_Win_Rapid : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c3f1bffeb402951da8bcccc899b2cdeb3c218b342d8338c750b9ff275537b4b5" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -205613,7 +206176,7 @@ rule DITEKSHEN_MALWARE_Win_Virlock : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8d516a0d771d7134c0f917f010b3973ed53b4ee7e4a2cf0bb5daecf9867b0081" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -205714,7 +206277,7 @@ rule DITEKSHEN_MALWARE_Win_Kdcsponge : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c891db94df9cde9eaa6096ad68d96c7b85a9c03e255ce43ccb8543a016bd3853" score = 75 - quality = 40 + quality = 65 tags = "FILE" hash1 = "e391c2d3e8e4860e061f69b894cf2b1ba578a3e91de610410e7e9fa87c07304c" @@ -205959,7 +206522,7 @@ rule DITEKSHEN_MALWARE_Win_Onlylogger : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1b39a4d2a6d3a2633cfa98adc1dfe99d10d2493fd06c9f875c56ec7689b7a561" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: 
@@ -206188,7 +206751,7 @@ rule DITEKSHEN_MALWARE_Win_Chebka : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "cc8123a5d20fac51d4dfc225e743539456efb4d649060d078c3ed93e7724da01" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -206309,7 +206872,7 @@ rule DITEKSHEN_MALWARE_Win_Garrantdecrypt : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "84b139e51f0ef0389c641d62409d702b0ae7ec6ecd2fa54baf2cf0c0078a8f5a" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -206444,7 +207007,7 @@ rule DITEKSHEN_MALWARE_Win_Lokilocker : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "bf78f5e8f40c1a19f6b078a85854e95d5ef1f321393a831edda17b0d65515da7" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -206546,7 +207109,7 @@ rule DITEKSHEN_MALWARE_Win_Lorenz : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e9fc9d405b955c379ae40b1804d43b19999f6ea264fc645c897080fb020e8ae8" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -206754,7 +207317,7 @@ rule DITEKSHEN_MALWARE_Win_Jesterstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c84df5d3ad2bc7a75a11c07995cc034c2a92b2f6f6f6943288add9c44c57bf6d" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -206961,7 +207524,7 @@ rule DITEKSHEN_MALWARE_Win_Bandit : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e557f5a928b5da90f3ec878d6d8615a2d8b5f33e97954cd3278044f76b543386" score = 75 - quality = 32 + quality = 57 tags = "FILE" strings: 
@@ -207202,7 +207765,7 @@ rule DITEKSHEN_MALWARE_Win_Darkeye : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "5496dcbfe075a4030a446027765186e9dd1931561a29a481139281e1708ce87d" score = 75 - quality = 75 + quality = 50 tags = "FILE" strings: @@ -207329,7 +207892,7 @@ rule DITEKSHEN_MALWARE_Win_Lummastealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "74014c5bcc85977b90faed93b348c34e47ee033b06c2f145348ca9c54c27bda5" score = 75 - quality = 48 + quality = 73 tags = "FILE" clamav1 = "MALWARE.Win.Trojan.LummaStealer" @@ -207461,7 +208024,7 @@ rule DITEKSHEN_MALWARE_Win_Arrowrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "13e6d4fd274f75c50aa4110276812d02885c03cfc269dde480db66955e5f703a" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -207593,7 +208156,7 @@ rule DITEKSHEN_MALWARE_Win_Stealerium : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a2834e7fe26ad0197a9e490ab517029ceed2e09506fcc37e6ddf0c1804fa6cb9" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -207796,7 +208359,7 @@ rule DITEKSHEN_MALWARE_Win_Akira : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "73dd0a1b21be8ff7362536f6b6255cd19510632782effd67a56d7656bebf04ff" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -207887,7 +208450,7 @@ rule DITEKSHEN_MALWARE_Win_Romcom_Worker : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "488db046458585882a4709438042b57e02d7dbc06483fdfdfc463a64ee8db203" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: 
@@ -208001,7 +208564,7 @@ rule DITEKSHEN_MALWARE_Win_Arcrypt : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "cc9fa68d093fdf9745a06beb28e29108cb2ba846122ce097ad892213b1edba25" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -208041,7 +208604,7 @@ rule DITEKSHEN_MALWARE_Win_Rootteamstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "d1693865253067527d58c980653d550b55d022d5a394b88090a958e5d5818143" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -208125,7 +208688,7 @@ rule DITEKSHEN_MALWARE_Win_Blitzgrabber : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8baceacf3c2af61e00b31e8106820b6f1ce2e7a9d98eaed965e698109ae08314" score = 75 - quality = 46 + quality = 71 tags = "FILE" strings: @@ -208276,7 +208839,7 @@ rule DITEKSHEN_MALWARE_Win_Phemedronestealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "74e150cc971f5648f9e3f6146afba162b1a29cf2744c862b2320db52c2efa930" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -208311,7 +208874,7 @@ rule DITEKSHEN_MALWARE_Win_WSHRAT : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "297bfe65815637a464e2a8fc23570c6e79694ffe0467d5898b7c845f1450de95" score = 75 - quality = 73 + quality = 48 tags = "FILE" strings: @@ -208521,7 +209084,7 @@ rule DITEKSHEN_MALWRE_Win_Darkgate : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "805a04bbb3915d539e76927393384a2786c25490e8b9fc151d5b12415247578b" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -208849,7 +209412,7 @@ rule DITEKSHEN_MALWARE_Win_Toxiceye : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "ee01c107dd295b923801c0d1a77b1534d3a5f2abf8d2cfa93c6786a1b0553504" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -209035,7 +209598,7 @@ rule DITEKSHEN_MALWARE_Win_Agnianestealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0031fbe6d76868819cbcfc638433d60a50e8f5cfd14ff25af88ed3dffefd7d62" score = 75 - quality = 50 + quality = 75 tags = "FILE" snort = "923828001" clamav = "ditekSHen.MALWARE.Win.AgnianeStealer" @@ -209273,7 +209836,7 @@ rule DITEKSHEN_MALWARE_Win_Risepro : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f6f1832f316df51ca108a3c75034bd53c3823cd3d9b16da120e12e252dbf90ff" score = 75 - quality = 46 + quality = 71 tags = "FILE" strings: @@ -209439,7 +210002,7 @@ rule DITEKSHEN_MALWARE_Win_Simda : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3f06e86033e8f9534f9904a2a63c4717a9532eb235f6f4405ef1db7d9b93f036" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -209495,7 +210058,7 @@ rule DITEKSHEN_MALWARE_Win_Umbralstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1686e4626e4d6335f028d6cb6471c32dac747a77fc95d97b4c9dfd043ba975e9" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -209596,7 +210159,7 @@ rule DITEKSHEN_MALWARE_Win_Blackhunt : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "62e9bc505eff3e19ff0cdaf180e45e6d7917f0bec7cd9b007bee9fe1d9d09b66" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -209865,7 +210428,7 @@ rule DITEKSHEN_MALWARE_Win_Lighthand : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "4f06467a522b786045839e6b22b888cecc554b0f63cc20dc43dc0f8ec80f5654" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -209968,7 +210531,7 @@ rule DITEKSHEN_MALWARE_Win_Ktlvdoor : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3ced9b558c7e17acd015cd2c9dd0c5d024bf9c31c7f2e7c9b7b937124109cf8b" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -210130,7 +210693,7 @@ rule DITEKSHEN_MALWARE_Win_Cicada3301 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "b8b7596bc8ae01b89742e17bd3dbfcc1e2fad486cc6ea19c8de813fc677509f4" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "MALWARE.Win.Ransomware.Cicada3301" @@ -210269,7 +210832,7 @@ rule DITEKSHEN_MALWARE_Win_Babylockerkz : FILE * YARA Rule Set * Repository Name: WithSecureLabs * Repository: https://github.com/WithSecureLabs/iocs - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: d17db32370fd4503050d9d6bc191ed66720cd156 * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -210521,7 +211084,7 @@ rule WITHSECURELABS_SILKLOADER * YARA Rule Set * Repository Name: HarfangLab * Repository: https://github.com/HarfangLab/iocs - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 1770ec1114cc8c83eea7d0ab8f9f29c267b11a2d * Number of Rules: 35 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -211513,7 +212076,7 @@ rule HARFANGLAB_Apt31_Rawdoor_Payload : FILE hash = "fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b" logic_hash = "51bd04603419d5bc77f12618df986f6b31ea8ddea553c6bc7580698fa236b3ed" score = 75 - quality = 55 + quality = 80 tags = "FILE" context = "file" @@ -211588,7 +212151,7 @@ rule HARFANGLAB_Iis_Module_Hijackserver_Dotnet : FILE hash = "915441b7d7ddb7d885ecfe75b11eed512079b49875fc288cd65b023ce1e05964" logic_hash = "83476157c66ac9586d28bf2e8614575c4950ab3e3538fd12d0a31fc451970686" score = 75 - quality = 55 + quality = 80 tags = "FILE" context = "file" @@ -211627,7 +212190,7 @@ rule HARFANGLAB_Apache_Module_Hijackserver_Php_Decoded : FILE hash = "e107bf25abc1cff515b816a5d75530ed4d351fa889078e547d7381b475fe2850" logic_hash = "bf40ee8ae3a491c311d5221cb96adef6bd55153d602f1d534f2cb42a12aa68ec" score = 75 - quality = 55 + quality = 80 tags = "FILE" context = "file" @@ -211783,7 +212346,7 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE * YARA Rule Set * Repository Name: LOLDrivers * Repository: https://github.com/magicsword-io/LOLDrivers/ - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: 9be6ee6cd1df0bf6c715fda82150cf9a2f8dc3c6 * Number of Rules: 569 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -229538,7 +230101,7 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_4DA0 : * YARA Rule Set * Repository Name: SEKOIA * Repository: https://github.com/SEKOIA-IO/Community - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: a47734fa931e56f8646dab2abf31629431982429 * Number of Rules: 746 * Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance) @@ -234220,7 +234783,7 @@ rule SEKOIA_Infostealer_Win_Solarmarker_Powershell : FILE license_url = "https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/LICENSE.md" logic_hash = "32267cf7e03ed65da969aeeff5ef5d7291e47446ea11a4b391f085967e8aa67d" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" @@ -239816,7 +240379,7 @@ rule SEKOIA_Emmenhtal_Strings_Hta_Exe : FILE hash = "e86a22f1c73b85678e64341427c7193ba65903f3c0f29af2e65d7c56d833d912" logic_hash = "93f85a4ccb58c6aeb664c4c843ff80a4ab7b4308a944537f7ebe087515a61659" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" @@ -252546,7 +253109,7 @@ rule SEKOIA_Generic_Python_Reverse_Shell : FILE * YARA Rule Set * Repository Name: Synacktiv * Repository: https://github.com/synacktiv/synacktiv-rules - * Retrieval Date: 2025-11-02 + * Retrieval Date: 2025-11-04 * Git Commit: d234cc4da0783db7dca56ae8dd5252afdc248df8 * Number of Rules: 8 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -252903,10 +253466,10 @@ rule SYNACKTIV_MAL_Linkpro_Arpdiag_ELF_KO_Oct25 : FILE * YARA Rule Set * Repository Name: Signature Base * Repository: https://github.com/Neo23x0/signature-base - * Retrieval Date: 2025-11-02 - * Git Commit: 1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c - * Number of Rules: 4388 - * Skipped: 0 (age), 9 (quality), 4 (score), 0 (importance) + * Retrieval Date: 2025-11-04 + * Git Commit: 72d12c2f43c845ceafba3e7011c166df020fb990 + * Number of Rules: 4390 + * Skipped: 0 (age), 7 (quality), 4 (score), 0 (importance) * * * LICENSE @@ -252960,8 +253523,8 @@ private rule SIGNATURE_BASE_Hatman_Mftmsr_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L65-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L65-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a03a3f5c583843acb216a8edefceaa1e89248fe72db49bcd906d2183998b1674" score = 75 quality = 85 
@@ -252985,8 +253548,8 @@ private rule SIGNATURE_BASE_Hatman_Origcode_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L58-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L58-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f6286e084bdbf3e2730a1aa3b7e302c1611c987447e083780e2d03000d1d226e" score = 75 quality = 85 @@ -253008,8 +253571,8 @@ private rule SIGNATURE_BASE_Hatman_Loadoff_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L74-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L74-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "70d33c40b919d1852eded8c4afa96978c8b4503f95fb4a48e1d8b89864b77d38" score = 75 quality = 85 
@@ -253033,8 +253596,8 @@ private rule SIGNATURE_BASE_Hatman_Origaddr_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L51-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L51-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9f775326dc0496662fbec98438e0273c51a88a434542dfcabd6e8b11131ab3e" score = 75 quality = 85 @@ -253056,8 +253619,8 @@ private rule SIGNATURE_BASE_Hatman_Memcpy_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L29-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L29-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1e1566cc09e1ddd70cdb3b199f6972931f84a29ae2ef4815a5ecf1fe42afe42b" score = 75 quality = 85 
@@ -253081,8 +253644,8 @@ private rule SIGNATURE_BASE_Hatman_Nullsub_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L45-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L45-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e7a7494e68450a03aeddfaa1fd0a3fb3cff06684d5bb0c4615571e698293fe3" score = 75 quality = 85 @@ -253103,8 +253666,8 @@ private rule SIGNATURE_BASE_Hatman_Dividers_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L38-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L38-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "92ec47ea81b78ec9b05f5c17164daaef7112c8590b4443f70cf3bf2efd108e1f" score = 75 quality = 85 
@@ -253126,8 +253689,8 @@ private rule SIGNATURE_BASE_Hatman_Setstatus_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L21-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L21-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "264292bbc479413bf70f05b96bcea3c856906eb8c711720831bea9b887a7ffb0" score = 75 quality = 85 @@ -253150,8 +253713,8 @@ rule SIGNATURE_BASE_Apt_CN_Tetris_JS_Advanced_1 : FILE date = "2020-09-06" modified = "2023-12-05" reference = "https://imp0rtp3.wordpress.com/2021/08/12/tetris" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_tetris.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_tetris.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec4ba53fea05c5331ed900b8c7da4cddd4ab64e87dfc165ac18d72d22f754d87" score = 75 quality = 85 
@@ -253178,8 +253741,8 @@ rule SIGNATURE_BASE_Apt_CN_Tetrisplugins_JS : FILE date = "2020-09-06" modified = "2023-12-05" reference = "https://imp0rtp3.wordpress.com/2021/08/12/tetris" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_tetris.yar#L34-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_tetris.yar#L34-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa77d622584e79c86139b9c0f0b8ff46fc10461d0776e46c93490b6bb667afcf" score = 75 quality = 60 @@ -253240,8 +253803,8 @@ rule SIGNATURE_BASE_APT28_CHOPSTICK : FILE date = "2015-06-02" modified = "2023-12-05" reference = "https://goo.gl/v3ebal" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L10-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L10-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f4db2e0881f83f6a2387ecf446fcb4a4c9f99808" logic_hash = "750b2d5157856e0ffd840406eec601ded51ced7ccb20b577f336bbaf32681835" score = 60 
@@ -253272,8 +253835,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware1 : FILE date = "2015-06-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L34-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L34-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ec1e5db74b5abe1da0d454b5e901bd808a0be318235f25d713cfdc4aea8d6d7" score = 60 quality = 85 @@ -253298,8 +253861,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware2 : FILE date = "2015-06-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L52-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L52-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed0424e61ca3243241e32d4f744398d263d7e35de15d94e9c6f816dc7349c267" score = 60 quality = 85 
@@ -253328,8 +253891,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware3 : FILE date = "2015-06-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L74-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L74-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "894fc2913cf1fa8aecb3052e762d4403124fcbdb2148edb23a9117c2f2b8eddc" score = 60 quality = 85 @@ -253362,8 +253925,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Dropper : RUSSIA FILE date = "2021-05-24" modified = "2023-12-05" reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L103-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L103-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9e29ed985fac8701f72f0860fe101272c3c3342ef6857e30d32f5fea14822945" score = 75 quality = 85 
@@ -253387,8 +253950,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Launcher : RUSSIA FILE date = "2021-05-24" modified = "2023-12-05" reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L120-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L120-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbb7a6e0114a9556a99ab3f5601664f430b650b2de0b44fe0178a99f21082e8d" score = 75 quality = 85 @@ -253420,8 +253983,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Implanter : RUSSIA FILE date = "2021-05-24" modified = "2023-12-05" reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt28.yar#L143-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt28.yar#L143-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f5b8944910297988ecf5aecf23d20c384cf141a3a0972baadfacc4969dc46e7c" score = 75 quality = 85 
@@ -253446,8 +254009,8 @@ rule SIGNATURE_BASE_MAL_ELF_Reverseshell_Sslshell_Jun23_1 : CVE_2023_2868 FILE date = "2023-06-07" modified = "2023-12-05" reference = "https://www.barracuda.com/company/legal/esg-vulnerability" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_barracuda_cve_2023_2868.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_barracuda_cve_2023_2868.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "57e9afb2f6928656242b8257cc3b98ae3b03e38c75ad40b544e3fc6afaea794d" score = 75 quality = 85 @@ -253470,8 +254033,8 @@ rule SIGNATURE_BASE_MAL_ELF_SALTWATER_Jun23_1 : CVE_2023_2868 FILE date = "2023-06-07" modified = "2023-12-05" reference = "https://www.barracuda.com/company/legal/esg-vulnerability" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_barracuda_cve_2023_2868.yar#L21-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_barracuda_cve_2023_2868.yar#L21-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb35898c0ee726170da93b4364920ac065f083f9f02db8eb5d293b1ce127cb78" score = 80 quality = 85 
@@ -253500,8 +254063,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Ragna_Locker_Apr20_1 : FILE date = "2020-04-27" modified = "2023-12-05" reference = "https://otx.alienvault.com/indicator/file/c2bd70495630ed8279de0713a010e5e55f3da29323b59ef71401b12942ba52f6" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_ragna_locker.yar#L3-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_ragna_locker.yar#L3-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05a18818f22c836c3e1f1fa9682d787bbe86e6d3bb026a80a7d4c33ad95c2cd3" score = 75 quality = 85 @@ -253540,8 +254103,8 @@ rule SIGNATURE_BASE_MAL_Ransom_Ragnarlocker_July_2020_1 : FILE date = "2020-07-30" modified = "2023-12-05" reference = "https://twitter.com/JAMESWT_MHT/status/1288797666688851969" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_ragna_locker.yar#L38-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_ragna_locker.yar#L38-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dc44da2f9023e0702afa8081e85ba817ebfde15f449261fae9de729d51262b04" score = 75 quality = 83 
@@ -253583,8 +254146,8 @@ rule SIGNATURE_BASE_MAL_Kwampirs_Apr18 : KWAMPIRS date = "2018-04-23" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kwampirs.yar#L1-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kwampirs.yar#L1-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9387c46b9e3fff90415c46af270d143bdeb6292f2521d889b8d6ae726a4cf3b" score = 75 quality = 85 @@ -253660,8 +254223,8 @@ rule SIGNATURE_BASE_APT_SH_Codecov_Hack_Apr21_1 : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://about.codecov.io/security-update/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_codecov_hack.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_codecov_hack.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1aa7723982a1b675ba6694f1af0eb28e5926b974874580bd727cf33a3f8d893a" score = 75 quality = 85 
@@ -253683,8 +254246,8 @@ rule SIGNATURE_BASE_Merlinagent date = "2017-12-26" modified = "2023-12-05" reference = "https://github.com/Ne0nd0g/merlin" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_merlin_agent.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_merlin_agent.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21743230556cc11a78942de30be476ad8e73731bbda9a4feb83bd8140a703d01" score = 75 quality = 85 @@ -253718,8 +254281,8 @@ rule SIGNATURE_BASE_Indetectables_RAT : FILE date = "2015-10-01" modified = "2023-12-05" reference = "http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_indetectables_rat.yar#L8-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_indetectables_rat.yar#L8-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "840a0c92ac731d9e88d0bdccb39598e4ff476e8630ec08f6c4024a31e258ebd0" score = 75 quality = 85 
@@ -253754,8 +254317,8 @@ rule SIGNATURE_BASE_Bergsilva_Malware : FILE date = "2015-10-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_indetectables_rat.yar#L35-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_indetectables_rat.yar#L35-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "03b823040a057ffbef9bcb3094a672fd75e141f3e82c77548adbe1c465d329fb" score = 75 quality = 85 @@ -253786,8 +254349,8 @@ rule SIGNATURE_BASE_APT_KE3CHANG_TMPFILE : APT KE3CHANG TMPFILE FILE date = "2020-06-18" modified = "2023-12-05" reference = "https://app.any.run/tasks/a96f4f9d-c27d-490b-b5d3-e3be0a1c93e9/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ke3chang.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ke3chang.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "75c97fe2eeb82e09f52e98d76bd529824f171da4c802b5febc1036314d8145f0" score = 75 quality = 85 
@@ -253815,8 +254378,8 @@ rule SIGNATURE_BASE_APT_MAL_Ke3Chang_Ketrican_Jun20_1 : FILE date = "2020-06-18" modified = "2023-12-05" reference = "BfV Cyber-Brief Nr. 01/2020" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ke3chang.yar#L23-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ke3chang.yar#L23-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2806de18432dbab24f08c7c2863fd694c91192cf7df4388dfeb87b237f22257" score = 75 quality = 85 @@ -253842,8 +254405,8 @@ rule SIGNATURE_BASE_Exploit_MS15_077_078 : FILE date = "2015-07-21" modified = "2023-12-05" reference = "https://code.google.com/p/google-security-research/issues/detail?id=473&can=1&start=200" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2015_2426.yar#L10-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2015_2426.yar#L10-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "354219a1ed88c891c64513a057266199919406309460d92792a4be509f9580a1" score = 75 quality = 85 
@@ -253878,8 +254441,8 @@ rule SIGNATURE_BASE_Exploit_MS15_077_078_Hackingteam : FILE date = "2015-07-21" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2015_2426.yar#L38-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2015_2426.yar#L38-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c94582629e555c9fd0b29302720078a7eb47d3013d0c1b5edd4e060c2062fa92" score = 75 quality = 85 @@ -253909,8 +254472,8 @@ rule SIGNATURE_BASE_Apt28_Win_Zebrocy_Golang_Loader_Modified : FILE date = "2018-12-25" modified = "2023-12-05" reference = "https://www.vkremez.com/2018/12/lets-learn-progression-of-apt28sofacy.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_zebrocy.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_zebrocy.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "799f4457eb2bdeeb7c9383e2b4e9572a41d9adbfe4a1a9c3b0fa1c9fc6077e40" score = 75 quality = 79 
@@ -253940,8 +254503,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_1 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1e024767797fb146b92d6e8c549597c0cda7c2f8fb961299a3808b9b2e924666" score = 75 quality = 85 @@ -253967,8 +254530,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_2 : FILE date = "2017-04-03" modified = "2023-01-06" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L28-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L28-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dff8623c35c83c20fb525209ec9aa5d77b51fa494eb557845a8320c77746c02f" score = 90 quality = 85 
@@ -254003,8 +254566,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_3 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L59-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L59-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d15b4c277e2c4dfe300f242e4cc9b217981166191a47939ca437c55391874b5d" score = 75 quality = 85 @@ -254033,8 +254596,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Dropper_1 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L81-L94" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L81-L94" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ee0caf8a08db9a2a83f10178e2ee890b6b0bc6e699ebb3d01fa94fa48c6dfdee" score = 75 quality = 85 
@@ -254057,8 +254620,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_4 : FILE date = "2017-04-03" modified = "2023-01-06" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L96-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L96-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7b39531e4af93ab026381a1114efe00fa01fb45860ddb512dbfa436471644e20" score = 75 quality = 85 @@ -254083,8 +254646,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_5 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L114-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L114-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b91ac8f450843c7c85e8d056218aff671bb0f345d16a7ba3f4180ac008bf318" score = 75 quality = 85 
@@ -254112,8 +254675,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_6 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L136-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L136-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f165912001c5e2eb48cef46df12220f7f7a53e908a6af571bb4932c50e355388" score = 75 quality = 85 @@ -254139,8 +254702,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_7 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L154-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L154-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "01993e785fb7d5de9ea629d31725e86fa169b70dcde9716a5da0b646ac88864a" score = 75 quality = 85 
@@ -254164,8 +254727,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_8 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L170-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L170-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a27b041a1ff0fae3d06d8050fe3207435cb84f421099dc1cad8f8a503e976860" score = 75 quality = 85 @@ -254194,8 +254757,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_9 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L191-L205" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L191-L205" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f45159a508ce8ccb5ab57c7347916642f58ab1b6e0a8886ba53e4810ed65c5c1" score = 75 quality = 85 
@@ -254219,8 +254782,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_10 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L207-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L207-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "538754e6daadd3efa3e77723dce7143fecad28cf94caa1b29a2d45df44b14ee4" score = 75 quality = 85 @@ -254245,8 +254808,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_11 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L224-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L224-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7935d3aeef0d4c94a00dd44942a1ba97d0c9fce848914ebc9c59d9f8e9f51599" score = 75 quality = 85 
@@ -254271,8 +254834,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Lockdown : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L251-L265" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L251-L265" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3f24c08817bc94bb4b7d09d51bed62f43952f2c66338f29c4bc8e9000b3ff78a" score = 75 quality = 85 @@ -254296,8 +254859,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Windowxarbot : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L267-L279" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L267-L279" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d8a9c25032c5371e843f8e80884e43a64c73b1644605b39b2dff11104c3bbcd" score = 75 quality = 85 
@@ -254319,8 +254882,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Wmidll_Inmemory date = "2017-04-07" modified = "2023-12-05" reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L281-L293" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L281-L293" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6dddda4e519eeaa67eb4c21151cab10553420a23a077751e0fc45fcae0bf6e69" score = 75 quality = 85 @@ -254342,8 +254905,8 @@ rule SIGNATURE_BASE_VBS_Wmiexec_Tool_Apr17_1 : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_cloudhopper.yar#L295-L318" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_cloudhopper.yar#L295-L318" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b0aad1c8dfc07ae3df835ae113bd02abfd706a0646ffcac5dd5691822016d31a" score = 75 quality = 85 
@@ -254375,8 +254938,8 @@ rule SIGNATURE_BASE_RAT_AAR date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/AAR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a206b3f5cf6cc870135bc267b5baab8333422dc917efce6c66ee907690592d09" score = 75 quality = 85 @@ -254404,8 +254967,8 @@ rule SIGNATURE_BASE_RAT_Adzok date = "2015-01-05" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Adzok" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L24-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L24-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ee3291a4396ba6cb3c5e22229de4f5e45714b29bfeac1c56bde6d038a9d25458" score = 75 quality = 85 
@@ -254436,8 +254999,8 @@ rule SIGNATURE_BASE_RAT_Ap0Calypse date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Ap0calypse" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L50-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L50-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1ce90a5b1b3f643d4e530d6e00741f5d5918d3199cfbc4126cf8421a9e42023e" score = 75 quality = 85 @@ -254465,8 +255028,8 @@ rule SIGNATURE_BASE_RAT_Arcom date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Arcom" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L72-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L72-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dbccd9885ba0ec5741e3c74908d2e76b15836bc75373c100f344abf9bdf3a0b4" score = 75 quality = 85 
@@ -254494,8 +255057,8 @@ rule SIGNATURE_BASE_RAT_Bandook date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/bandook" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L95-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L95-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fe658e0990f0d456b1a8f5acea62a3b80bdd4a9bc0eedfe2e1092ea60b4fca2e" score = 75 quality = 85 @@ -254527,8 +255090,8 @@ rule SIGNATURE_BASE_RAT_Blacknix date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/BlackNix" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L122-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L122-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "de8787fd35e6313c061b8759361698b1acd54b215d226839a8702b1a5d189ccb" score = 75 quality = 85 
@@ -254555,8 +255118,8 @@ rule SIGNATURE_BASE_RAT_Blackshades : BLACKSHADES date = "2014-01-04" modified = "2023-12-05" reference = "http://blog.cylance.com/a-study-in-bots-blackshades-net" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L144-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L144-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "23f8d52cf92b594f9302d549cf54f37dc0a01b5686da74b72120a8072435abfe" score = 75 quality = 85 @@ -254580,8 +255143,8 @@ rule SIGNATURE_BASE_RAT_Bluebanana date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/BlueBanana" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L163-L184" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L163-L184" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d84bb63d56d876c8b2e7c8c8afeaba839fee41d2d38f16ac9a13e802008179e" score = 75 quality = 85 
@@ -254609,8 +255172,8 @@ rule SIGNATURE_BASE_RAT_Bozok date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Bozok" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L186-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L186-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a2fcd11573654f0c91c0c0dec8938ca8319a23953a5043135cb0032562f9f53" score = 75 quality = 75 @@ -254637,8 +255200,8 @@ rule SIGNATURE_BASE_RAT_Clientmesh : TORCT date = "2014-01-06" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/ClientMesh" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L208-L228" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L208-L228" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "671da9586110726b1646d4365ccaa87982ec7c86b7d4d80b99dbb444496b936c" score = 75 quality = 85 
@@ -254665,8 +255228,8 @@ rule SIGNATURE_BASE_RAT_Cybergate date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/CyberGate" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L230-L254" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L230-L254" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6b3861ae5e6bd6478e9d8024b0e67a3ac1dbf31083b77477364c55b51d0ed9b5" score = 75 quality = 85 @@ -254696,8 +255259,8 @@ rule SIGNATURE_BASE_RAT_Darkcomet date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/DarkComet" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L256-L282" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L256-L282" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "db139f754f89affc706e090a41bfcd30cf49f9d4e16ade89993ee170f92cf68b" score = 75 quality = 85 
@@ -254728,8 +255291,8 @@ rule SIGNATURE_BASE_RAT_Darkrat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/DarkRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L284-L306" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L284-L306" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dccb473a3cf4478dd1dbf8b35ad564f59740676ecde90266a0dc15cbad89bfe7" score = 75 quality = 85 @@ -254758,8 +255321,8 @@ rule SIGNATURE_BASE_RAT_Greame date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Greame" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L308-L331" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L308-L331" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4a1ce5f5847bdc01d286c1d9cd1e16ba2fd6b5bc56e6094cb1492882708e8e59" score = 75 quality = 85 
@@ -254789,8 +255352,8 @@ rule SIGNATURE_BASE_RAT_Hawkeye date = "2015-01-06" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/HawkEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L333-L357" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L333-L357" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "db3a0fe5774f0d137e092a4eb9672a4518d0ef943a1a4619cb646a9ac9f74ee0" score = 75 quality = 85 @@ -254821,8 +255384,8 @@ rule SIGNATURE_BASE_RAT_Imminent date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Imminent" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L359-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L359-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aebae753c119950b0b3f315c7279866caf15f4d482c0a47912c90885adcf6db2" score = 75 quality = 85 
@@ -254858,8 +255421,8 @@ rule SIGNATURE_BASE_RAT_Infinity date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Infinity" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L391-L414" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L391-L414" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c1f5381755af6cfbb10a4769757cdeffb9651bddc76bc4c8e9765ed44bf37fe6" score = 75 quality = 85 @@ -254889,8 +255452,8 @@ rule SIGNATURE_BASE_RAT_Lostdoor date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/LostDoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L440-L465" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L440-L465" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ffa6f5cbeacca5a1e750e35d8296658d4e280078a61f94fd5f2d4b7c800bb44" score = 75 quality = 85 
@@ -254922,8 +255485,8 @@ rule SIGNATURE_BASE_RAT_Luminositylink date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/LuminosityLink" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L467-L493" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L467-L493" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e70e3e0885d098f1ac2bcc324cd8ad2682fbfc395f189cabc4a4f97a0109682" score = 75 quality = 60 @@ -254956,8 +255519,8 @@ rule SIGNATURE_BASE_RAT_Luxnet date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/LuxNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L495-L516" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L495-L516" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "55d872e2e30f6d55a6f91750bbb52675042e4673d712a4f2417af43b0f2c4fb9" score = 75 quality = 85 
@@ -254985,8 +255548,8 @@ rule SIGNATURE_BASE_RAT_Netwire date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/NetWire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L547-L569" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L547-L569" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6a4e757262c02dfe46ac28940b53a5695df2d242ccd4c16b42fbfdcf96072e91" score = 75 quality = 60 @@ -255015,8 +255578,8 @@ rule SIGNATURE_BASE_RAT_Pandora date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Pandora" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L571-L599" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L571-L599" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d33598d0699bfb7e996047318099302c2c326e45d993a259c2bc145acf8cf54b" score = 75 quality = 85 
@@ -255051,8 +255614,8 @@ rule SIGNATURE_BASE_RAT_Paradox date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Paradox" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L601-L623" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L601-L623" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fef41262b78a497c65c7548c58d78ba8912725b28606fd9e99d1dbc19bdf7393" score = 75 quality = 85 @@ -255081,8 +255644,8 @@ rule SIGNATURE_BASE_RAT_Plasma date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Plasma" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L625-L649" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L625-L649" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e73348d379c483a7917cf765a457739aed6940f180272fa8d0c0dd1eb8e5f562" score = 75 quality = 85 
@@ -255113,8 +255676,8 @@ rule SIGNATURE_BASE_RAT_Poisonivy date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/PoisonIvy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L651-L672" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L651-L672" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "874e0dfb22a03abc0f7fdc7209ff13b55dfa5dcc17db944903ca37a549eb331d" score = 75 quality = 85 @@ -255142,8 +255705,8 @@ rule SIGNATURE_BASE_RAT_Predatorpain date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/PredatorPain" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L674-L702" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L674-L702" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "917234f83f891ad00bd83908c244818f517ea89cf7d8c81cfc3618b8386c1804" score = 75 quality = 85 
@@ -255178,8 +255741,8 @@ rule SIGNATURE_BASE_RAT_Punisher date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Punisher" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L704-L726" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L704-L726" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9347b8053393c3537693273c44a2a2f095928b8bc0cdcf9365a6f060d66efeb5" score = 75 quality = 60 @@ -255208,8 +255771,8 @@ rule SIGNATURE_BASE_RAT_Pythorat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/PythoRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L728-L751" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L728-L751" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8edcfb8f234ff225537d19343c75788ec2a25940e80042751eea3280a967e166" score = 75 quality = 85 
@@ -255239,8 +255802,8 @@ rule SIGNATURE_BASE_RAT_Qrat date = "2015-01-08" modified = "2023-12-05" reference = "http://malwareconfig.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L753-L773" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L753-L773" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d404153ca64b547885e4e4581205f5fc20faf86e8ab18002c5deedca2487225" score = 75 quality = 85 @@ -255267,8 +255830,8 @@ rule SIGNATURE_BASE_RAT_Sakula : FILE date = "2015-10-13" modified = "2023-12-05" reference = "http://blog.airbuscybersecurity.com/public/YFR/sakula_v1x.yara" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L775-L817" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L775-L817" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec4e16deb6f4a671ee665c81568e87dc9a1023328e1be242eae015c1e04cfcef" score = 75 quality = 85 
@@ -255309,8 +255872,8 @@ rule SIGNATURE_BASE_RAT_Shadowtech : FILE date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/ShadowTech" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L819-L839" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L819-L839" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8ab024ae5ca62de30daf4392db5241220fcdb9b419bad555a996729aed9fa45d" score = 75 quality = 83 @@ -255339,8 +255902,8 @@ rule SIGNATURE_BASE_RAT_Smallnet date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/SmallNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L841-L861" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L841-L861" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "17a6be371ce0c616cfea0b42a30e6d9118376912002d59790b133c73fd5436a3" score = 75 quality = 85 
@@ -255367,8 +255930,8 @@ rule SIGNATURE_BASE_RAT_Spygate date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/SpyGate" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L863-L890" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L863-L890" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b891212f3a669c6066cfddef418faafd75c92bb2f1e8e1f48403422a73bc9fa" score = 75 quality = 83 @@ -255402,8 +255965,8 @@ rule SIGNATURE_BASE_RAT_Sub7Nation date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Sub7Nation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L892-L913" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L892-L913" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bd6c423cd5cb5a86b20e5e65ab460904548b8814c92ac65e497757bb79a27681" score = 75 quality = 85 
@@ -255431,8 +255994,8 @@ rule SIGNATURE_BASE_RAT_Vertex date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Vertex" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L915-L938" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L915-L938" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c9fb0dedd97240ad29924865118ba34f5d79dbefbb13729d96d41336ec4de39e" score = 75 quality = 85 @@ -255462,8 +256025,8 @@ rule SIGNATURE_BASE_RAT_Virusrat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/VirusRat" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L940-L967" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L940-L967" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8540296fe1341a793377494cec9ba6ee0313203bee9997f0da0b692959727c59" score = 75 quality = 85 
@@ -255497,8 +256060,8 @@ rule SIGNATURE_BASE_RAT_Xtreme date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Xtreme" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L969-L990" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L969-L990" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4dec8de6609f8229444291a78e920ac48b9b5751dd0cad7c95bc6529d6f8c16c" score = 75 quality = 85 @@ -255526,8 +256089,8 @@ rule SIGNATURE_BASE_RAT_Adwind date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/adWind" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L992-L1011" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L992-L1011" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "11167b927fa06324950753c6ec8f28058f2aa66fb4ecdf66a21de11a8db190b8" score = 75 quality = 85 
@@ -255553,8 +256116,8 @@ rule SIGNATURE_BASE_RAT_Njrat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/njRat" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L1013-L1036" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L1013-L1036" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "47e8cc71caaefd70a170eb8fc845cb7ddb8df04b90163fe35f1ccb9a3f614c57" score = 75 quality = 85 @@ -255583,8 +256146,8 @@ rule SIGNATURE_BASE_RAT_Unrecom date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/unrecom" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L1038-L1058" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L1038-L1058" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "15ab9ee2f3fd825e91813a185bc5c7d7e790de39cd3e88c375b801d1412a08f4" score = 75 quality = 85 
@@ -255611,8 +256174,8 @@ rule SIGNATURE_BASE_MAL_JRAT_Oct18_1 : FILE date = "2018-10-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_rats_malwareconfig.yar#L1060-L1072" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_rats_malwareconfig.yar#L1060-L1072" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7c652f3943ae7639633b82663f639adb7dea1bae9e617a14710fb6e448cfdbee" score = 75 quality = 85 @@ -255634,8 +256197,8 @@ rule SIGNATURE_BASE_Getuserspns_VBS date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/skelsec/PyKerberoast" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_kerberoast.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_kerberoast.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ece81cd717fed6ca1f9053384911fd59462b6f3b01210ceeb037ba3da2f7a318" score = 75 quality = 60 
@@ -255660,8 +256223,8 @@ rule SIGNATURE_BASE_Getuserspns_PS1 date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/skelsec/PyKerberoast" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_kerberoast.yar#L25-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_kerberoast.yar#L25-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "204b009677a02bf8725f928c2bfff321b4543a883760e312a0c92f187684c8e9" score = 75 quality = 85 @@ -255687,8 +256250,8 @@ rule SIGNATURE_BASE_Kerberoast_PY date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/skelsec/PyKerberoast" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_kerberoast.yar#L43-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_kerberoast.yar#L43-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b285cc55733bd4c499ffb4821a92675806bf66faf3b3565ffb6de867bed538d" score = 75 quality = 85 
@@ -255714,8 +256277,8 @@ rule SIGNATURE_BASE_SUSP_SFX_Runprogram_Wscript : FILE date = "2018-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_sfx.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_sfx.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d00d83d4b25d80d0ca44fe1c3f3cd33ae5539d2d79c84bfdfcc470669d4f78c" score = 75 quality = 85 @@ -255742,8 +256305,8 @@ rule SIGNATURE_BASE_RUAG_Tavdig_Malformed_Executable : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ruag.yar#L9-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ruag.yar#L9-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2a6eb90cc77f4556da0b5b0211bf0c4759dae0d78e9c6b765eff0e9a34f52e0f" score = 60 quality = 85 
@@ -255761,8 +256324,8 @@ rule SIGNATURE_BASE_RUAG_Bot_Config_File : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ruag.yar#L21-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ruag.yar#L21-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "256808511233da446ec69db4f5a5e23a237296c100e79e78bbe5e4964fa5dde6" score = 60 quality = 85 @@ -255785,8 +256348,8 @@ rule SIGNATURE_BASE_RUAG_Cobra_Malware : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ruag.yar#L36-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ruag.yar#L36-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5576e8e465eb289e8da44009cb2237080c5b5c3eb6d7a337634d91c5d68ecd80" score = 60 quality = 85 
@@ -255807,8 +256370,8 @@ rule SIGNATURE_BASE_RUAG_Cobra_Config_File : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ruag.yar#L49-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ruag.yar#L49-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "703a89562f3a2e5692883892f468288276459ad528cd371b1ac226e1d1c4be02" score = 60 quality = 85 @@ -255839,8 +256402,8 @@ rule SIGNATURE_BASE_RUAG_Exfil_Config_File : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ruag.yar#L73-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ruag.yar#L73-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "379e8762932ca565f3bd35ec241aef2d0445fbe6182a041e4d4e16a1170202ef" score = 60 quality = 85 
@@ -255866,8 +256429,8 @@ rule SIGNATURE_BASE_MAL_PHISH_Shellcode_Enc_Payload_Feb25 : FILE date = "2025-02-14" modified = "2025-03-20" reference = "https://x.com/dtcert/status/1890384162818802135" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_phish_feb25.yar#L1-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_phish_feb25.yar#L1-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "247e6a648bb22d35095ba02ef4af8cfe0a4cdfa25271117414ff2e3a21021886" logic_hash = "144323294a8353956adf7a9b2a316e1e7606e882f85b8187c016d5acdcc254cc" score = 80 @@ -255889,8 +256452,8 @@ rule SIGNATURE_BASE_MAL_PHISH_Final_Payload_Feb25 date = "2025-02-14" modified = "2025-03-20" reference = "https://x.com/dtcert/status/1890384162818802135" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_phish_feb25.yar#L16-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_phish_feb25.yar#L16-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "de384aba6b0c6800095eb530954aa718d4ed96cccfc0b1e5e4d01404f3518a77" logic_hash = "3251d68a019d873987966d46c9e474e5a1ebbca4a33a8bf1e3c3ce119db8ab8c" score = 80 
@@ -255918,8 +256481,8 @@ rule SIGNATURE_BASE_SUSP_Sysinternals_Desktops_Anomaly_Feb25 : FILE date = "2025-02-14" modified = "2025-03-20" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_phish_feb25.yar#L37-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_phish_feb25.yar#L37-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b8f64e090c7c9012e656c222682dfae7910669c7b7afaca35829cd1cc2eac17" hash = "d0f7f3f58e0dfcfd81235379bb5a236f40be490207d3bf45f190a264879090db" hash = "a83dc4d69a3de72aed4d1933db2ca120657f06adc6683346afbd267b8b7d27d0" @@ -255949,8 +256512,8 @@ rule SIGNATURE_BASE_SUSP_PE_Compromised_Certificate_Feb25 : FILE date = "2025-02-14" modified = "2025-03-20" reference = "https://x.com/DTCERT/status/1890384162818802135" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_phish_feb25.yar#L62-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_phish_feb25.yar#L62-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b8f64e090c7c9012e656c222682dfae7910669c7b7afaca35829cd1cc2eac17" hash = "d0f7f3f58e0dfcfd81235379bb5a236f40be490207d3bf45f190a264879090db" hash = "a83dc4d69a3de72aed4d1933db2ca120657f06adc6683346afbd267b8b7d27d0" 
@@ -255980,8 +256543,8 @@ rule SIGNATURE_BASE_SUSP_Autocad_Lsp_Malware : FILE date = "2019-02-04" modified = "2023-12-05" reference = "http://cadablog.blogspot.com/2012/06/acadmedrea-malware-autocad-based-virus.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_autocad_lsp_malware.yar#L1-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_autocad_lsp_malware.yar#L1-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4a5fe7016e27431407435541ab71ab00e6fd53418e2ebc19f8764c98728b89a6" score = 65 quality = 27 @@ -256031,8 +256594,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Feb22_1 : FILE date = "2022-02-24" modified = "2023-12-05" reference = "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_hermetic_wiper.yar#L2-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_hermetic_wiper.yar#L2-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1cf124f7533a060da8aff1a18f64a94b183502e58ffdfca012d72d99d30225ba" score = 75 quality = 85 
@@ -256074,8 +256637,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Artefacts_Feb22_1 date = "2022-02-25" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_hermetic_wiper.yar#L40-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_hermetic_wiper.yar#L40-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e917618a5172c68b4b32ba9e63402c2a98ccb027276b317ec169a4fef219de1" score = 75 quality = 85 @@ -256108,8 +256671,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Scheduled_Task_Feb22_1 date = "2022-02-25" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_hermetic_wiper.yar#L72-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_hermetic_wiper.yar#L72-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "56368ba1c97fe3455312b6ee86dcd1a21677f7dfa3836e76ada4b236a5b2c171" score = 85 quality = 85 
@@ -256134,8 +256697,8 @@ rule SIGNATURE_BASE_Oilrig_Rgdoor_Gen1 : FILE date = "2018-01-27" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_rgdoor.yar#L13-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_rgdoor.yar#L13-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "896900f788337327d444495ba0cd4c7c327bb4f9166bc2a981a348cf2c34cbdb" score = 80 quality = 85 @@ -256165,8 +256728,8 @@ rule SIGNATURE_BASE_MSIL_SUSP_OBFUSC_Xorstringsnet : FILE date = "2023-03-26" modified = "2023-12-05" reference = "https://github.com/dr4k0nia/yara-rules" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_net_xorstrings.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_net_xorstrings.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d023a80bd8f5709721c3ace8a7230b847ca4bd2a1aff502a25333ffc8bf75ca" score = 75 quality = 85 
@@ -256195,8 +256758,8 @@ rule SIGNATURE_BASE_BKDR_Xzutil_Script_CVE_2024_3094_Mar24_1 : CVE_2024_3094 date = "2024-03-30" modified = "2024-04-24" reference = "https://www.openwall.com/lists/oss-security/2024/03/29/4" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/bkdr_xz_util_cve_2024_3094.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/bkdr_xz_util_cve_2024_3094.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d44d0425769fa2e0b6875e5ca25d45b251bbe98870c6b9bef34f7cea9f84c9c3" logic_hash = "8d3f5f078a5c827208e04acb7ac1496f473e1236f92561f94d2a3c8156c68ea6" score = 80 @@ -256220,8 +256783,8 @@ rule SIGNATURE_BASE_BKDR_Xzutil_Binary_CVE_2024_3094_Mar24_1 : CVE_2024_3094 FIL date = "2024-03-30" modified = "2024-04-24" reference = "https://www.openwall.com/lists/oss-security/2024/03/29/4" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/bkdr_xz_util_cve_2024_3094.yar#L19-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/bkdr_xz_util_cve_2024_3094.yar#L19-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed364484ff598b0818f9b3249673e684b52394c25b14e47fbca25a5f96ecc970" score = 75 quality = 85 
@@ -256251,8 +256814,8 @@ rule SIGNATURE_BASE_BKDR_Xzutil_Killswitch_CVE_2024_3094_Mar24_1 : CVE_2024_3094 date = "2024-03-30" modified = "2024-04-24" reference = "https://gist.github.com/q3k/af3d93b6a1f399de28fe194add452d01?permalink_comment_id=5006558#gistcomment-5006558" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/bkdr_xz_util_cve_2024_3094.yar#L48-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/bkdr_xz_util_cve_2024_3094.yar#L48-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2024d4b8346c4f74524bb7f3c6b2850684c19471a00e6fa60fff1c41e4a86b6" score = 85 quality = 85 @@ -256273,8 +256836,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_SH_Indicators_Mar24_1 : FILE date = "2024-04-06" modified = "2024-04-24" reference = "https://www.openwall.com/lists/oss-security/2024/03/29/4/1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/bkdr_xz_util_cve_2024_3094.yar#L62-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/bkdr_xz_util_cve_2024_3094.yar#L62-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5abf8184e0b1b18ccc513e00e9db241b4983923ae97f495396d73f0fb162192" score = 60 quality = 85 
@@ -256295,8 +256858,8 @@ rule SIGNATURE_BASE_SUSP_Office_Dropper_Strings : FILE date = "2018-09-13" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3a66a86eb99a3e7cd02e3444714c6c88b423cd0ea1e6210bf91da01cf804105f" score = 65 quality = 85 @@ -256321,8 +256884,8 @@ rule SIGNATURE_BASE_SUSP_Enablecontent_String_Gen : FILE date = "2019-02-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L19-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L19-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cde995ab0486fdafdc98e36c28a1f786ee7485387158f7337acd5f7dd0e3fed1" score = 65 quality = 85 
@@ -256347,8 +256910,8 @@ rule SIGNATURE_BASE_SUSP_Worddoc_VBA_Macro_Strings : FILE date = "2019-02-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L42-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L42-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "441e4a8e90d6045d0ad6a959ce56e834960c48083343add8e4f519f4b83bc82d" score = 60 quality = 85 @@ -256377,8 +256940,8 @@ rule SIGNATURE_BASE_SUSP_Officedoc_VBA_Base64Decode : FILE date = "2019-06-21" modified = "2023-12-05" reference = "https://github.com/cpaton/Scripting/blob/master/VBA/Base64.bas" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L65-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L65-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1fb094c9991f93e9d1003832dc11a58efa8281e9fe844e61e27dfd077f55ad39" score = 70 quality = 85 
@@ -256402,8 +256965,8 @@ rule SIGNATURE_BASE_SUSP_VBA_Filesystem_Access : FILE date = "2019-06-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L82-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L82-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "13d7e0708968a7700308e6216ea5d0a396f9335137ae1e33c3b34a2f54012ec6" score = 60 quality = 85 @@ -256429,8 +256992,8 @@ rule SIGNATURE_BASE_SUSP_Excel_IQY_Remoteuri_Syntax : FILE date = "2018-08-17" modified = "2023-11-25" reference = "https://twitter.com/ItsReallyNick/status/1030330473954897920" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L102-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L102-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7033b0a4226dd289ecc670a0807e4159dd4486f52bc80a6b5ddd34d6961ab163" score = 55 quality = 85 
@@ -256452,8 +257015,8 @@ rule SIGNATURE_BASE_SUSP_Macro_Sheet_Obfuscated_Char : FILE date = "2020-04-07" modified = "2023-12-05" reference = "https://twitter.com/DissectMalware/status/1247595433305800706" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_office_dropper.yar#L122-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_office_dropper.yar#L122-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0953d1f916df570cb3d053bf4fdac196bdbd806df4b6c0a982ed9949a3676e6c" score = 65 quality = 85 @@ -256479,8 +257042,8 @@ rule SIGNATURE_BASE_MAL_G_APT_Backdoor_BRICKSTORM_3 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "931eacd7e5250d29903924c31f41b7e5" logic_hash = "168bc2bdfff6a135f4ec89f8cf79051e6dcd242b314e3238553d67929995a9ea" score = 75 
@@ -256506,8 +257069,8 @@ rule SIGNATURE_BASE_MAL_G_Backdoor_BRICKSTORM_2 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L19-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L19-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "afea32d3c817473ec0dbc20177daa4070f847c23295318fa093fc3a96a15e764" score = 75 quality = 85 @@ -256540,8 +257103,8 @@ rule SIGNATURE_BASE_MAL_G_APT_Backdoor_BRICKSTORM_1 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L53-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L53-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4645f2f6800bc654d5fa812237896b00" logic_hash = "ffaeca48c96445044844779f28c46a5c6029ba96191d3faafbc8f3864c29e21b" score = 75 
@@ -256576,8 +257139,8 @@ rule SIGNATURE_BASE_MAL_G_APT_Backdoor_BRICKSTORM_2 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L80-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L80-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "db989caa2a80481e58e6d65068e1814cf7366e3bdfc347e9019fb2bc980c74fa" score = 75 quality = 85 @@ -256599,8 +257162,8 @@ rule SIGNATURE_BASE_WEBSHELL_G_APT_Backdoorwebshell_SLAYSTYLE_1 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L94-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L94-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7a56238218e60a69049f5d9c756df4fb6f0de772fbc437a14c5db7192f971be6" score = 75 quality = 83 
@@ -256626,8 +257189,8 @@ rule SIGNATURE_BASE_WEBSHELL_G_APT_Backdoorwebshell_SLAYSTYLE_2 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L114-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L114-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d2d1003f77a2066b48df1c27feab79c0a1951ebb62c3198de8366bcfee42e30a" score = 75 quality = 85 @@ -256652,8 +257215,8 @@ rule SIGNATURE_BASE_MAL_G_Backdoor_BRICKSTEAL_1 : FILE date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L131-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L131-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27413b63eae84d95cf0ca920e9ac1daba200281ecc32cc9922c0e7850c7f0571" score = 75 quality = 85 
@@ -256678,8 +257241,8 @@ rule SIGNATURE_BASE_MAL_G_Dropper_BRICKSTEAL_1 date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L148-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L148-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5ed68f17ba8ac0c7ba02f9111f083244181332c71ed43b4cd5582baee493c98d" score = 75 quality = 85 @@ -256706,8 +257269,8 @@ rule SIGNATURE_BASE_MAL_G_Dropper_BRICKSTEAL_2 date = "2025-09-25" modified = "2025-10-07" reference = "https://cloud.google.com/blog/topics/threat-intelligence/brickstorm-espionage-campaign" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_brickstorm_sep25.yar#L167-L184" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_brickstorm_sep25.yar#L167-L184" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e1bdcc59259b2bf476b873a9f94b9296efc7720d83fba04f6569217019ae3af8" score = 75 quality = 85 
@@ -256733,8 +257296,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Inital_Shellcode date = "2022-04-21" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_goldbackdoor.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_goldbackdoor.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4df97181037a580098dbe34d3b6ceab5c7b83932f1831c36ee99876a8f1524f9" score = 80 quality = 85 @@ -256760,8 +257323,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Injected_Shellcode date = "2022-04-21" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_goldbackdoor.yar#L22-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_goldbackdoor.yar#L22-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b45f408c0f342591e66ef0dfcfc1c09f8558c5e8f4bd7f824b30f00d531c7511" score = 80 quality = 85 
@@ -256790,8 +257353,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Generic_Shellcode date = "2022-04-21" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_goldbackdoor.yar#L44-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_goldbackdoor.yar#L44-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e046a70b1dee020ba73d960a9d91daaccd0b5c262965c8647f608c5c83a28257" score = 75 quality = 85 @@ -256814,8 +257377,8 @@ rule SIGNATURE_BASE_VUL_Exchange_CVE_2020_0688 : FILE date = "2020-02-26" modified = "2023-12-05" reference = "https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_cve_2020_0688.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_cve_2020_0688.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "035971028d36c8bbcc6a274817187adfbfefe530ff6808af5a7c0b4667c1bd8b" score = 60 quality = 85 
@@ -256838,8 +257401,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Venus_Nov22_1 : FILE date = "2022-11-16" modified = "2023-12-05" reference = "https://twitter.com/dyngnosis/status/1592588860168421376" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_venus.yar#L3-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_venus.yar#L3-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c94d59015897f180ef55608a2761b37c7b52193e28895ea6a4c0548acf3ad34" score = 85 quality = 85 @@ -256874,8 +257437,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_DLL_Nov23_1 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6788d37301bb82bd4d9584e192e2fb14d4f6c77801b70299097d8ba139219394" score = 80 quality = 85 
@@ -256903,8 +257466,8 @@ rule SIGNATURE_BASE_MAL_Trojan_DLL_Nov23 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L24-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L24-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9be42742711b4d0440244b507945e074b61c456588580b3263f899a7eb84d8aa" score = 80 quality = 85 @@ -256928,8 +257491,8 @@ rule SIGNATURE_BASE_MAL_DLL_Stealer_Nov23 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L41-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L41-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d0c46d855973cb2c0636aed9c67cfbe47ca260ab1bc842fef1d532725c26910" score = 80 quality = 85 
@@ -256951,8 +257514,8 @@ rule SIGNATURE_BASE_MAL_Python_Backdoor_Script_Nov23 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L56-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L56-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b336f6438a420af49b1b0144039f1051f12c0c54f77a94e2f947f71d1f6230b3" score = 80 quality = 85 @@ -256976,8 +257539,8 @@ rule SIGNATURE_BASE_APT_RANSOM_Lockbit_Forensicartifacts_Nov23 date = "2023-11-22" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L73-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L73-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6ba1d47e2cac72143c4612c420777024f114afc007c7b15251a58819654aeff1" score = 75 quality = 85 
@@ -256999,8 +257562,8 @@ rule SIGNATURE_BASE_SUSP_NET_Msil_Suspicious_Use_Strreverse : FILE date = "2023-01-31" modified = "2023-02-22" reference = "https://github.com/dr4k0nia/yara-rules" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_net_msil.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_net_msil.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "02ce0980427dea835fc9d9eed025dd26672bf2c15f0b10486ff8107ce3950701" logic_hash = "a7440600ee4826568d465d204e0a602f61752e4ffcfa3b4f29e5bc81c4d67b46" score = 70 @@ -257027,8 +257590,8 @@ rule SIGNATURE_BASE_Win7Elevatev2 : FILE date = "2015-05-14" modified = "2023-12-05" reference = "http://www.pretentiousname.com/misc/W7E_Source/Win7Elevate_Inject.cpp.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_uac_elevators.yar#L2-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_uac_elevators.yar#L2-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2f5859388c6074f1a75f0c40387f30ffa50d6b87f20f518fd1af7398c95cd650" score = 60 quality = 85 
@@ -257067,8 +257630,8 @@ rule SIGNATURE_BASE_UACME_Akagi date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/hfiref0x/UACME" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_uac_elevators.yar#L35-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_uac_elevators.yar#L35-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e10f39837a53dcc6d301d21a69fca965aeca0a07cfc832a9a0142b08d280f955" score = 60 quality = 85 @@ -257104,8 +257667,8 @@ rule SIGNATURE_BASE_Uacelevator : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/MalwareTech/UACElevator" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_uac_elevators.yar#L66-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_uac_elevators.yar#L66-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fd29d5a72d7a85b7e9565ed92b4d7a3884defba6" logic_hash = "8215746b2c84a5500221580969fb2eac8ee11cbb5af4ba5bf2dbd1def65b8745" score = 75 
@@ -257137,8 +257700,8 @@ rule SIGNATURE_BASE_S4U : FILE date = "2015-06-05" modified = "2023-12-05" reference = "https://github.com/aurel26/s-4-u-for-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_uac_elevators.yar#L92-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_uac_elevators.yar#L92-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cfc18f3d5306df208461459a8e667d89ce44ed77" logic_hash = "b1882710f2514fb44ff01631636c0a66beef620c8bea644ebe05cd5385a9e494" score = 50 @@ -257188,8 +257751,8 @@ rule SIGNATURE_BASE_UACME_Akagi_2 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://github.com/hfiref0x/UACME" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_uac_elevators.yar#L151-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_uac_elevators.yar#L151-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f79a82d466f51c86a0e6fb89688708c35dbcc7ba8f4543e5fb7565d41dd3faab" score = 80 quality = 85 
@@ -257220,8 +257783,8 @@ rule SIGNATURE_BASE_ACE_Containing_EXE date = "2015-09-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_ace_with_exe.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_ace_with_exe.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27fba0db7a98fbaf4b3710a9e411ed74860099c133a2e83ddf368ae2fef3c288" score = 50 quality = 83 @@ -257246,8 +257809,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Packed_Feb24 : FILE date = "2024-02-16" modified = "2025-03-20" reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lockbit4_packed_win_feb24.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lockbit4_packed_win_feb24.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "15796971d60f9d71ad162060f0f76a02" logic_hash = "07281fd86efbb7167ba1cc0c6f6897418751df1a3697869e51f806c26641e365" score = 100 
@@ -257277,8 +257840,8 @@ rule SIGNATURE_BASE_APT_TA18_149A_Joanap_Sample1 : FILE date = "2018-05-30" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA18-149A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta18_149A.yar#L13-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta18_149A.yar#L13-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "746c74713ac52f62d5a5c41d2c9321e00481a45aa2c23f1695fab0f5b6d5dfb4" score = 75 quality = 85 @@ -257306,8 +257869,8 @@ rule SIGNATURE_BASE_APT_TA18_149A_Joanap_Sample2 : FILE date = "2018-05-30" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA18-149A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta18_149A.yar#L36-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta18_149A.yar#L36-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "046135e4a1161841835cd9d10e13224b440e914ce3f409bad84a1df2638a7d5f" score = 75 quality = 85 
@@ -257334,8 +257897,8 @@ rule SIGNATURE_BASE_APT_TA18_149A_Joanap_Sample3 : FILE date = "2018-05-30" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA18-149A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta18_149A.yar#L57-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta18_149A.yar#L57-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a3da6c70d2ab94820324a55f1bcdcf5507a8ddf26efc80904daf0d9b27ac9312" score = 75 quality = 85 @@ -257363,8 +257926,8 @@ rule SIGNATURE_BASE_HKTL_Nim_Nimpackt : EXE FILE HKTL date = "2022-01-26" modified = "2023-12-05" reference = "https://github.com/chvancooten/NimPackt-v1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_nimpackt.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_nimpackt.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2bda7acb440d1c72efeaddcb18b736343d658d59feccf6c9339b313cd35f32eb" score = 80 quality = 79 
@@ -257390,8 +257953,8 @@ rule SIGNATURE_BASE_Blackenergy_BE_2 : FILE date = "2015-02-19" modified = "2023-12-05" reference = "http://goo.gl/DThzLz" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L8-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L8-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "983cfcf3aaaeff1ad82eb70f77088ad6ccedee77" logic_hash = "77ecab353063bf8be5ec70294f8497234af8ddd944e0b207d8d633f59f76dbb6" score = 75 @@ -257418,8 +257981,8 @@ rule SIGNATURE_BASE_Blackenergy_VBS_Agent : FILE date = "2016-01-03" modified = "2023-12-05" reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L34-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L34-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b90f268b5e7f70af1687d9825c09df15908ad3a6978b328dc88f96143a64af0f" logic_hash = "2a0037a76f1031117fe41b2e41691511eb626ffc0c738547eda24f771505bc67" score = 75 
@@ -257444,8 +258007,8 @@ rule SIGNATURE_BASE_Dropbear_SSH_Server : FILE date = "2016-01-03" modified = "2023-12-05" reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L51-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L51-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd" logic_hash = "6b8acaaa64329d09d3d22d74f4f40288fba3f5faaff63e1ee6b2e6153f14d730" score = 50 @@ -257472,8 +258035,8 @@ rule SIGNATURE_BASE_Blackenergy_Backdoorpass_Dropbear_SSH : FILE date = "2016-01-03" modified = "2023-12-05" reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L71-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L71-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0969daac4adc84ab7b50d4f9ffb16c4e1a07c6dbfc968bd6649497c794a161cd" logic_hash = "3af58d155691d9323458280ad1b933e8e784acafb0974f5f267b93d9b02e825e" score = 75 
@@ -257496,8 +258059,8 @@ rule SIGNATURE_BASE_Blackenergy_Killdisk_1 : FILE date = "2016-01-03" modified = "2023-12-05" reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L88-L115" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L88-L115" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa64434422a16166938b9eede9c50b79bae90632f1500e6529dcf26dbebe50f1" score = 80 quality = 85 @@ -257533,8 +258096,8 @@ rule SIGNATURE_BASE_Blackenergy_Killdisk_2 : FILE date = "2016-01-03" modified = "2023-01-06" reference = "http://feedproxy.google.com/~r/eset/blog/~3/BXJbnGSvEFc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L117-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L117-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "38ce9ab347690914f27e7ae89cc6fb2af02ee223e21822eb3b75fde772d3eaff" score = 80 quality = 85 
@@ -257563,8 +258126,8 @@ rule SIGNATURE_BASE_Blackenergy_Driver_USBMDM : FILE date = "2016-01-04" modified = "2023-12-05" reference = "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L140-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L140-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "273a00de7af1b7490bff2eae545b358a5483bae0d55a560bef7bd9fa24b0f1d9" score = 75 quality = 85 @@ -257597,8 +258160,8 @@ rule SIGNATURE_BASE_Blackenergy_Driver_AMDIDE : FILE date = "2016-01-04" modified = "2023-12-05" reference = "http://www.welivesecurity.com/2016/01/03/blackenergy-sshbeardoor-details-2015-attacks-ukrainian-news-media-electric-industry/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_blackenergy.yar#L165-L188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_blackenergy.yar#L165-L188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb6017327be464bcc2d9efca676c58a9ede45d122460bc167f87e78880c4ace5" score = 75 quality = 85 
@@ -257631,8 +258194,8 @@ rule SIGNATURE_BASE_SUSP_Bad_PDF : FILE date = "2018-05-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_bad_pdf.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_bad_pdf.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "59b159aaccf5c3b64fee17831c1e3a1ca99b60dbb725ad25a4ddad47cdc442d7" score = 65 quality = 85 @@ -257656,8 +258219,8 @@ rule SIGNATURE_BASE_Credentialstealer_Generic_Backdoor : FILE date = "2017-06-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_credstealer_generic.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_credstealer_generic.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa06291a91ac84f80cd2cbe5a01c2cbcc14cf6914da9d1234af9b3d833990551" score = 75 quality = 85 
@@ -257689,8 +258252,8 @@ rule SIGNATURE_BASE_Mimikatz_Memory_Rule_1 : APT date = "2014-12-22" modified = "2023-07-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L5-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L5-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "22064af570b8e0a93ca0d45484848eda3fbecfd27c88247ef0897fe53be4b7fc" score = 70 quality = 85 @@ -257719,8 +258282,8 @@ rule SIGNATURE_BASE_Mimikatz : FILE date = "2022-11-16" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L48-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L48-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf972a2c0465c3bbdde6f03d91c6f479d0f66c6d3e9512355de5a973164b56a5" score = 75 quality = 85 
@@ -257747,8 +258310,8 @@ rule SIGNATURE_BASE_Wce date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L76-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L76-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a16db99dcaaf1b6c33a738aab4f4d3812366258bc2f6dd32250ee1b1a0616f1c" score = 75 quality = 85 @@ -257772,8 +258335,8 @@ rule SIGNATURE_BASE_Power_Pe_Injection date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L91-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L91-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64a7033d51e8933912f37ce68bffc216073a88cae1ea7492e71a812411ae6a9d" score = 75 quality = 85 
@@ -257794,8 +258357,8 @@ rule SIGNATURE_BASE_Mimikatz_Logfile date = "2015-03-31" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L103-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L103-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4591cda5bd5a555292087da26193accc4f00d7c0611be8d5ab6dd4dabb14a0ef" score = 80 quality = 85 @@ -257821,8 +258384,8 @@ rule SIGNATURE_BASE_Mimikatz_Strings : FILE date = "2016-06-08" modified = "2023-12-05" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L121-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L121-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "baba1e159c0fb23f68b80459291a2d2c52e84f742f51ca30b894f7fc6282ad7a" score = 65 quality = 85 
@@ -257859,8 +258422,8 @@ rule SIGNATURE_BASE_Appinithook : FILE date = "2015-07-15" modified = "2023-12-05" reference = "https://goo.gl/Z292v6" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L156-L176" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L156-L176" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e7563e4f2a7e5f04a3486db4cefffba173349911a3c6abd7ae616d3bf08cfd45" logic_hash = "a4de3a062e309715c339a45a16a7ff8f9a55851cb41097a6925fd11f649547d2" score = 70 @@ -257889,8 +258452,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Skeletonkey_In_Memory_Aug20_1 date = "2020-08-09" modified = "2023-12-05" reference = "https://twitter.com/sbousseaden/status/1292143504131600384?s=12" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L178-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L178-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0cc9a4d3b63e07a695df342bd2c96a55570502d6fd0ab9a1b61d63e28e1c3e05" score = 75 quality = 85 
@@ -257912,8 +258475,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Memssp_Hookfn date = "2020-08-26" modified = "2023-12-05" reference = "https://github.com/sbousseaden/YaraHunts/blob/master/mimikatz_memssp_hookfn.yara" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L192-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L192-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27cf87f801111f17af76ab4c4f8329b73165f24f755d33edbb22d845bba6d3ff" score = 70 quality = 85 @@ -257945,8 +258508,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Icon : FILE date = "2023-02-18" modified = "2023-12-05" reference = "https://blog.gentilkiwi.com/mimikatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikatz.yar#L218-L238" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikatz.yar#L218-L238" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a07d477d1645e6df4f0706e44df11ea006c89e4d3218ed18a8a97b60853ff4ff" score = 60 quality = 85 
@@ -257974,11 +258537,11 @@ rule SIGNATURE_BASE_MAL_PE_Type_Babyshark_Loader : FILE date = "2019-02-24" modified = "2023-12-05" reference = "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_babyshark.yar#L4-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_babyshark.yar#L4-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0ab9a30cb731922d965a9cf58094fea36d5c74b9989324efee603808591ea6a5" score = 75 - quality = 60 + quality = 85 tags = "FILE" hash1 = "6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c" @@ -258000,8 +258563,8 @@ rule SIGNATURE_BASE_APT_NK_Babyshark_Kimjoingrat_Apr19_1 : FILE date = "2019-04-27" modified = "2023-12-05" reference = "https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_babyshark.yar#L29-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_babyshark.yar#L29-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3fec0f21e299e09ae9734f256edbbca81a53f860b42e99a78b07d344552f1062" score = 75 quality = 85 
@@ -258030,8 +258593,8 @@ rule SIGNATURE_BASE_MAL_Netfilter_Dropper_Jun_2021_1_1 : FILE date = "2020-06-18" modified = "2023-12-05" reference = "https://twitter.com/struppigel/status/1405483373280235520" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_netfilter.yar#L4-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_netfilter.yar#L4-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b70eb5d2d234d0f523c41fa146f315cf7239bbe7a988b393e75ea6cf6aa438d3" score = 75 quality = 85 @@ -258061,8 +258624,8 @@ rule SIGNATURE_BASE_MAL_Netfilter_May_2021_1_1 : FILE date = "2020-06-18" modified = "2023-12-05" reference = "https://twitter.com/struppigel/status/1405483373280235520" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_netfilter.yar#L28-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_netfilter.yar#L28-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ba72bbc38c27d0c8d6eea7d513c3ca40276edd929c93abae4098639f7d7649a5" score = 75 quality = 83 
@@ -258094,8 +258657,8 @@ rule SIGNATURE_BASE_Mal_Babbleloader_Win_Jan24 : FILE date = "2025-01-27" modified = "2025-03-20" reference = "https://0x0d4y.blog/babbleloader-technical-malware-analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_babbleloader_win_jan24.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_babbleloader_win_jan24.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fa3d03c319a7597712eeff1338dabf92" logic_hash = "d4f7915146b1f3fe50febc231247e14323e9d68a94b2b9c8149a5727c06162ca" score = 100 @@ -258124,8 +258687,8 @@ rule SIGNATURE_BASE_SUSP_Deviceguard_WDS_Evasion : FILE date = "2015-01-01" modified = "2023-01-06" reference = "http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_deviceguard_evasion.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_deviceguard_evasion.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4be9d7c34f7bafeb53db4fc1262a3692493b2253b0de7dc97480b01b62a9f12c" score = 70 quality = 85 
@@ -258148,8 +258711,8 @@ rule SIGNATURE_BASE_Tidepool_Malware : FILE date = "2016-05-24" modified = "2023-12-05" reference = "http://goo.gl/m2CXWR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_tidepool.yar#L8-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_tidepool.yar#L8-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "759920ed7c9320e8412ed0644b28922a545b04f7549f0da6d6c67d6af8a7af3e" score = 75 quality = 85 @@ -258182,8 +258745,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_1 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6e94111abe83aa500bfa35a3a7c2d43c3ed4011bc540401f047e84cfc27204ca" score = 75 quality = 85 
@@ -258209,8 +258772,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_2 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L31-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L31-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ddd3dee11e25ea40fa3cc578c6a836ea850359a5914d5eb5d16ea4340827b91b" score = 75 quality = 85 @@ -258235,8 +258798,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_3 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L48-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L48-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f1617829ccf7da6ee2e9f692fbf1f61d3f1c6a17103db85190d6a8b4fca69328" score = 75 quality = 85 
@@ -258260,8 +258823,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_4 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L64-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L64-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f258070054a29cbec0876536d295b85c7bd9f23988d1e0fc2ba58660b0796716" score = 75 quality = 85 @@ -258292,8 +258855,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_5 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L87-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L87-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f2d4cfd55017ebb34fb6e8ad1b0b46b184926c69d4bacee88dc639771f96792" score = 75 quality = 85 
@@ -258317,8 +258880,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_6 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L103-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L103-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f6cc84ebed26a0dbecfcb3ffb3a11c111ae3d5b40497d59ada518d33bee57fdd" score = 75 quality = 85 @@ -258341,8 +258904,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_7 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L118-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L118-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "198f8869e56d5549d9195524a86f6557162c5d25b4915bec0bf513797d880ea1" score = 75 quality = 85 
@@ -258365,8 +258928,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_8 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L133-L148" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L133-L148" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6c8ddc7fb5f3256e57e66f502f6e3c582d82540f773bf4113cac4a685d45f81b" score = 75 quality = 85 @@ -258392,8 +258955,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_9 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L150-L170" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L150-L170" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0500481ae4bb7d4a223a106d2887b994e5000815704e678b2f3ff127a86c22a2" score = 75 quality = 85 
@@ -258416,8 +258979,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_10 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L172-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L172-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "79a8dfd63e96ccc9259272476e364e53b841b42255a2a5f3b9f93e91caa5d1c2" score = 75 quality = 85 @@ -258444,8 +259007,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_11 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L191-L210" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L191-L210" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "066fc3622a0db5cc511e85f6efc08191c2c9268524c8761dc17a05e6d133c263" score = 75 quality = 85 
@@ -258473,8 +259036,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_12 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L212-L234" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L212-L234" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49357a34f3b1d0bb86d1c6ddfa6a6c3b92bfafaebd050d835c0a902199a2121b" score = 75 quality = 85 @@ -258507,8 +259070,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_13 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L236-L254" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L236-L254" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c319a3ca78687cd2af77d97b4b4a8e72dadd812bf3da2145a23df278c3aa9a2" score = 75 quality = 85 
@@ -258536,8 +259099,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_14 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L256-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L256-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c96a40495bc2a17a6215c877ad054bd2e1e10c524c2d54da1955d370b9ccdcd7" score = 75 quality = 85 @@ -258565,8 +259128,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_15 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L278-L299" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L278-L299" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "22769d215e52965f48eb3455b39fbd8f8ce950a67f8132612d42b78fde9822a5" score = 75 quality = 85 
@@ -258597,8 +259160,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_16 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L301-L317" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L301-L317" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "950ece29e8fd056e3506684bce9b16eb185d63c1b020e4911972f5fcbdadbe30" score = 75 quality = 85 @@ -258623,8 +259186,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_17 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L319-L343" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L319-L343" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0724e07614e704d9ac8a1ae4aecfcf3d9800dde6f83eeecc8427ab6205e321a6" score = 75 quality = 85 
@@ -258657,8 +259220,8 @@ rule SIGNATURE_BASE_APT_Thrip_Sample_Jun18_18 : FILE date = "2018-06-21" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/thrip-hits-satellite-telecoms-defense-targets " - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_thrip.yar#L345-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_thrip.yar#L345-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5cac313bd77900e67f0528d660671394915dff7159ca6fa067fd9c392d7c269a" score = 75 quality = 85 @@ -258690,8 +259253,8 @@ rule SIGNATURE_BASE_Seaduke_Sample : FILE date = "2015-07-14" modified = "2023-12-05" reference = "http://goo.gl/MJ0c2M" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_seaduke_unit42.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_seaduke_unit42.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d2e570129a12a47231a1ecb8176fa88a1bf415c51dabd885c513d98b15f75d4e" logic_hash = "3bec2bedaafddd17ee65747f8be773287eda784bdfa8fc11e8378737139ef94e" score = 70 
@@ -258718,8 +259281,8 @@ rule SIGNATURE_BASE_Mywscript_Compiledscript : FILE date = "2017-07-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_mywscript_dropper.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_mywscript_dropper.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5619de9589e3d34026bf4ec223f2c6b94fcb7362c8f3c26f7582030cfc4385cf" score = 65 quality = 85 @@ -258744,8 +259307,8 @@ rule SIGNATURE_BASE_Flash_CVE_2015_5119_APT3_Leg : CVE_2015_5119 FILE date = "2015-08-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2015_5119.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2015_5119.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99af6b9ecc18b87b14968eb8fffefac7be10dd727d8af2d0488fae4a96196e85" score = 70 quality = 85 
@@ -258774,14 +259337,14 @@ rule SIGNATURE_BASE_MAL_ZIP_Socgholish_Mar21_1 : ZIP JS SOCGHOLISH FILE date = "2021-03-29" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_socgholish.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_socgholish.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4f6566c145be5046b6be6a43c64d0acae38cada5eb49b2f73135b3ac3d6ba770" hash = "54f756fbf8c20c76af7c9f538ff861690800c622d1c9db26eb3afedc50835b09" hash = "dfdbec1846b74238ba3cfb8c7580c64a0fa8b14b6ed2b0e0e951cc6a9202dd8d" logic_hash = "6621b029f65720e468bd167fcd7429a1f7ba8975298ddbd913b13fbe9e117df2" score = 75 - quality = 35 + quality = 60 tags = "ZIP, JS, SOCGHOLISH, FILE" strings: 
@@ -258803,8 +259366,8 @@ rule SIGNATURE_BASE_EXT_MAL_JS_Socgholish_Mar21_1 : JS SOCGHOLISH FILE date = "2021-03-29" modified = "2023-01-02" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_socgholish.yar#L25-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_socgholish.yar#L25-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7ccbdcde5a9b30f8b2b866a5ca173063dec7bc92034e7cf10e3eebff017f3c23" hash = "f6d738baea6802cbbb3ae63b39bf65fbd641a1f0d2f0c819a8c56f677b97bed1" hash = "c7372ffaf831ad963c0a9348beeaadb5e814ceeb878a0cc7709473343d63a51c" @@ -258837,8 +259400,8 @@ rule SIGNATURE_BASE_Socgholish_JS_22_02_2022 : FILE date = "2022-02-22" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_socgholish.yar#L53-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_socgholish.yar#L53-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3e14d04da9cc38f371961f6115f37c30" hash = "dffa20158dcc110366f939bd137515c3" hash = "afee3af324951b1840c789540d5c8bff" 
@@ -258866,8 +259429,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_3_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L47-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L47-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "995120b35db9d2f36d7d0ae0bfc9c10d" logic_hash = "4fda951281b3d711e50c24f543b528b93295a119af39245b4bece77f641bbf2b" score = 75 @@ -258913,8 +259476,8 @@ rule SIGNATURE_BASE_Credtheft_MSIL_Adpasshunt_2_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L845-L861" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L845-L861" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6efb58cf54d1bb45c057efcfbbd68a93" logic_hash = "a76faa34a1f9cc891aeaa65525c8698e49d5a141854ca0cffb42f06a251bea43" score = 50 
@@ -258941,8 +259504,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_Gorat_Memory_1 date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L1013-L1039" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L1013-L1039" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3b926b5762e13ceec7ac3a61e85c93bb" logic_hash = "bf8d80b7a7d35c1bcb353ff66d10bc95c2e6502043acc6554887465a467cdcf7" score = 75 @@ -258975,8 +259538,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_Sharpivot_3_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L1145-L1174" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L1145-L1174" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e4efa759d425e2f26fbc29943a30f5bd" logic_hash = "f51ac9637f47a98beee1b3c37b594e292aab0e1d3f9e49c41b1f3c3ce02e17de" score = 75 
@@ -259015,8 +259578,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_SEATBELT_1_1 : FILE date = "2020-12-08" modified = "2023-01-27" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L1210-L1233" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L1210-L1233" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "848837b83865f3854801be1f25cb9f4d" logic_hash = "89275ec08b75cef371b70fb749cbcada3f30309869094ab7940811fe40f8a008" score = 75 @@ -259047,8 +259610,8 @@ rule SIGNATURE_BASE_APT_Builder_PY_REDFLARE_2_1 date = "2020-12-01" modified = "2020-12-01" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L1376-L1391" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L1376-L1391" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4410e95de247d7f1ab649aa640ee86fb" logic_hash = "0f28fb23c0c1d589466c7c541c8dc588b038d02dded0c66c4a448d1f768c95c5" score = 75 
@@ -259072,8 +259635,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_2_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L1453-L1484" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L1453-L1484" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f59095f0ab15f26a1ead7eed8cdb4902" logic_hash = "45c83e0d39184abcbc0ccc5804ab745b4feec1fad424a543a05754e5b4cca311" score = 75 @@ -259115,8 +259678,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_4_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L1706-L1716" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L1706-L1716" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f59095f0ab15f26a1ead7eed8cdb4902" logic_hash = "fa76e994beb2ab1b7950cf9d6391adf4e1ba45586a14a6340fa8a25a904821e4" score = 75 
@@ -259135,8 +259698,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_PXELOOT_2_1 : FILE date = "2020-12-08" modified = "2023-01-27" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fireeye_redteam_tools.yar#L2088-L2113" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fireeye_redteam_tools.yar#L2088-L2113" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d93100fe60c342e9e3b13150fd91c7d8" logic_hash = "f9a9167b806e0e3df3720c13b4009e18c5a36913d255978cb001c2284533ea82" score = 75 @@ -259169,8 +259732,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_1 : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L10-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L10-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dfa356b4dff12c3de467c74763fc4d233db9ff5bc3e9ac9f052d331fa47a4ded" score = 75 quality = 85 
@@ -259203,8 +259766,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_Signing_Cert : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L36-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L36-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ead1de262858960a13b375713183f775bc275fbf4beba4c0839cef2baa5e9f00" score = 50 quality = 85 @@ -259234,8 +259797,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_2 : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L59-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L59-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f640f1dc60c6714195dcdb9a0bb4fb0c34e0a62673bca00c7f49f7b73c3f9b0a" score = 75 quality = 85 
@@ -259267,8 +259830,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_Excalibur_1 : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L84-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L84-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ffbd971368420460573c4ecc68261088ffacf91ab9ae72405b41393b04aa2b46" score = 75 quality = 85 @@ -259296,8 +259859,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_3 : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L107-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L107-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1032f41688e7cb3fe0be33b143c1af43ee705737a70af3b336ba8504ffe169a9" score = 75 quality = 85 
@@ -259323,8 +259886,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_4 : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L126-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L126-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c445e745ef520438fa7c4ddcae2657b57c80d798640fdd7c85eabf535f158911" score = 75 quality = 85 @@ -259349,8 +259912,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Tool_Ntscan : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L143-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L143-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f2b41c1e6db8c9288663cccbf5659484ed415b403068cc566b31aa044bf0de9e" score = 75 quality = 85 
@@ -259375,8 +259938,8 @@ rule SIGNATURE_BASE_Passcv_Sabre_Malware_5 : FILE date = "2016-10-20" modified = "2023-12-05" reference = "https://blog.cylance.com/digitally-signed-malware-targeting-gaming-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passcv.yar#L161-L182" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passcv.yar#L161-L182" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "30508c6561a2bb908945e9092da1d5cf2257b8b183effcea25a1ba15567f3d20" score = 75 quality = 85 @@ -259406,8 +259969,8 @@ rule SIGNATURE_BASE_Backdoor_Redosdru_Jun17 : HIGHVOL FILE date = "2017-06-04" modified = "2023-12-05" reference = "https://goo.gl/OOB3mH" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eternalblue_non_wannacry.yar#L12-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eternalblue_non_wannacry.yar#L12-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99218c4decf98f02eb75c3c41a56f857a07779c68d30c4d16ca605052c4f9c3e" score = 75 quality = 85 
@@ -259440,8 +260003,8 @@ rule SIGNATURE_BASE_Backdoor_Nitol_Jun17 : FILE date = "2017-06-04" modified = "2023-01-07" reference = "https://goo.gl/OOB3mH" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eternalblue_non_wannacry.yar#L38-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eternalblue_non_wannacry.yar#L38-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9035b8bd74c284f170f8c9767d96580dba243786abaa3b2e79e05a981f8fa204" score = 75 quality = 85 @@ -259472,8 +260035,8 @@ rule SIGNATURE_BASE_Xrat_1 : FILE date = "2017-12-11" modified = "2023-12-05" reference = "https://goo.gl/Pg3P4W" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_xrat.yar#L12-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_xrat.yar#L12-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "032c5af4f34959783102977543d2caf6199b8d1880a64797882f591e36c64d69" score = 75 quality = 85 
@@ -259508,8 +260071,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbrokers_Jan17_Screen_Strings : FILE date = "2017-01-08" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message7/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_jan17.yar#L10-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_jan17.yar#L10-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8015b227c5df68fffadb86b72843b2b831d5603978ada3f50cc535a870aa94eb" score = 75 quality = 85 @@ -259545,8 +260108,8 @@ rule SIGNATURE_BASE_Suckfly_Nidiran_Gen_1 : FILE date = "2018-01-28" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_suckfly.yar#L14-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_suckfly.yar#L14-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf617259df00b16272caffa8f1ffcf8d29cb98cb6ab85ca52e0bb0706f0cd5b0" score = 75 quality = 85 
@@ -259571,8 +260134,8 @@ rule SIGNATURE_BASE_Suckfly_Nidiran_Gen_2 : FILE date = "2018-01-28" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_suckfly.yar#L31-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_suckfly.yar#L31-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2e4f6a920e063113a9ff252869e1c2ebdf5a2495b4adb1edaf9500904234f362" score = 75 quality = 85 @@ -259607,8 +260170,8 @@ rule SIGNATURE_BASE_Suckfly_Nidiran_Gen_3 : FILE date = "2018-01-28" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/suckfly-revealing-secret-life-your-code-signing-certificates" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_suckfly.yar#L61-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_suckfly.yar#L61-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4fddb55999bbbeecd92863219e878c840640e4d17008cb789a255528ef3fac9c" score = 75 quality = 85 
@@ -259640,8 +260203,8 @@ rule SIGNATURE_BASE_APT_Apt_Duqu2_Loaders : FILE date = "2015-06-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kaspersky_duqu2.yar#L10-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kaspersky_duqu2.yar#L10-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "79f205745e61b55c43c239d9da9086fd72312ea2741351183d32f7c227174ff8" score = 75 quality = 83 @@ -259678,8 +260241,8 @@ rule SIGNATURE_BASE_APT_Apt_Duqu2_Drivers : FILE date = "2015-06-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kaspersky_duqu2.yar#L40-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kaspersky_duqu2.yar#L40-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "023a51408f86814a8f810d0f89b185aca07dd60a1abb6de47f86ad8eeda4c4c4" score = 75 quality = 85 
@@ -259707,8 +260270,8 @@ rule SIGNATURE_BASE_Duqu2_Generic1 : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kaspersky_duqu2.yar#L61-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kaspersky_duqu2.yar#L61-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "742934198391bd30da654bf8efedc2a18c58dd0de357b2bcdbdbe8066187b0c2" score = 75 quality = 85 @@ -259747,8 +260310,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Procexp : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kaspersky_duqu2.yar#L92-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kaspersky_duqu2.yar#L92-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd63f0eebc88fa0737905f20dc30dc968df81b7976a86ed8ed5646f7708c4b4a" score = 75 quality = 85 
@@ -259779,8 +260342,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Samsungprint : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kaspersky_duqu2.yar#L116-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kaspersky_duqu2.yar#L116-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ce39f41eb4506805efca7993d3b0b506ab6776ca" logic_hash = "9b2d80cfe3c47ac315b76c773acc3290668e06e4bbd99402e203b72af593fab8" score = 75 @@ -259808,8 +260371,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Msi3_32 : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_kaspersky_duqu2.yar#L136-L157" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_kaspersky_duqu2.yar#L136-L157" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "53d9ef9e0267f10cc10f78331a9e491b3211046b" logic_hash = "718223d1ff82ffa0f3204e0cdaf0d441ed133f1f069d9ba2eb818bd3445f63ca" score = 75 
@@ -259840,8 +260403,8 @@ rule SIGNATURE_BASE_P0Wnedpowercat : FILE date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L10-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L10-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5882d0f91f237d2abe1149421db0e217e6dfcca70130d346a70d5c851eca085f" score = 75 quality = 85 @@ -259870,8 +260433,8 @@ rule SIGNATURE_BASE_Hacktool_Strings_P0Wnedshell : FILE date = "2017-01-14" modified = "2023-02-10" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L31-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L31-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "faec8f0af877f1a80ff994e08c756728cea5f58000f7124c1a6e7e4c86e7f5c0" score = 75 quality = 85 
@@ -259908,8 +260471,8 @@ rule SIGNATURE_BASE_P0Wnedpotato date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L64-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L64-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d9107db6c6460429358a2f9f1f47d103e96811152e8d03517871ff0c66578d05" score = 75 quality = 85 @@ -259936,8 +260499,8 @@ rule SIGNATURE_BASE_P0Wnedexploits date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L83-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L83-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "40f23316117faa63fa9e9a5d281600f8e9d41857aac815d22559391c74dec157" score = 75 quality = 85 
@@ -259961,8 +260524,8 @@ rule SIGNATURE_BASE_P0Wnedshellx64 date = "2017-01-14" modified = "2021-09-15" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L99-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L99-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d7cd33548ed3485cc6f3cd289813a8eb83b34e800b839c5c8f8add5f9e01a3da" score = 75 quality = 85 @@ -259989,8 +260552,8 @@ rule SIGNATURE_BASE_P0Wnedlistenerconsole date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L120-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L120-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "068e590f6f4f99c27814f2bf96d51e1c8c6422afcf8b99bb9f1852216335da7b" score = 75 quality = 85 
@@ -260020,8 +260583,8 @@ rule SIGNATURE_BASE_P0Wnedbinaries date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L142-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L142-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4df7fcf508a9257ea418bd1995158c3676037b310dc884d44658977fda81b13b" score = 75 quality = 85 @@ -260050,8 +260613,8 @@ rule SIGNATURE_BASE_P0Wnedamsibypass date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L163-L178" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L163-L178" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1f7613506058706fc74979fdd4f9e425e9d16527120e0f2f49bc21e3e43d3b16" score = 75 quality = 85 
@@ -260076,8 +260639,8 @@ rule SIGNATURE_BASE_P0Wnedshell_Outputs date = "2017-01-14" modified = "2023-12-05" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_p0wnshell.yar#L180-L196" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_p0wnshell.yar#L180-L196" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "85d5317a473d981fe6ee1362789f34653a838c63d823bb62028a25c9db27cf6e" score = 75 quality = 85 @@ -260103,8 +260666,8 @@ rule SIGNATURE_BASE_Keylogger_CN_APT : FILE date = "2016-03-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_keylogger_cn.yar#L8-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_keylogger_cn.yar#L8-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3efb3b5be39489f19d83af869f11a8ef8e9a09c3c7c0ad84da31fc45afcf06e7" logic_hash = "a5330d15ad7199212cec44ade401c224c40a468650abbc7bf282b26a21cdc22b" score = 75 
@@ -260140,8 +260703,8 @@ rule SIGNATURE_BASE_MAL_Gozicrypter_Dec20_1 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "YaraExchange" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_gozi_crypter.yar#L2-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_gozi_crypter.yar#L2-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51fdfbb59b8f52cc2ff89d994c0f89d2c2895c346b098879c68b4ccb880783c1" score = 70 quality = 85 @@ -260162,8 +260725,8 @@ rule SIGNATURE_BASE_Gifcloaked_Webshell_A : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/yara_mixed_ext_vars.yar#L180-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/yara_mixed_ext_vars.yar#L180-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f1c95b13a71ca3629a0bb79601fcacf57cdfcf768806a71b26f2448f8c1d5d24" logic_hash = "0c4570373d50c40745cd0523dcf8c34ee3cae1c298982b3a39d4a33e054aa779" score = 60 
@@ -260193,8 +260756,8 @@ rule SIGNATURE_BASE_SUSP_ELF_SPARC_Hunting_SBZ_Obfuscation : FILE date = "2023-04-02" modified = "2023-05-08" reference = "https://netadr.github.io/blog/a-quick-glimpse-sbz/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_sparc_sbz_apr23.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_sparc_sbz_apr23.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d45dc8d8dbc62cee6b7ec4aa842eaa88bd23aea17e995eef4850fd91e7069a3" score = 60 quality = 85 @@ -260216,8 +260779,8 @@ rule SIGNATURE_BASE_SUSP_ELF_SPARC_Hunting_SBZ_Uniquestrings date = "2023-04-02" modified = "2023-05-08" reference = "https://netadr.github.io/blog/a-quick-glimpse-sbz/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_sparc_sbz_apr23.yar#L26-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_sparc_sbz_apr23.yar#L26-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bb95fc6bda0a0ed8ffc6db9734c725c487b0e70909d60119bf58d60987daaaeb" score = 60 quality = 85 
@@ -260241,8 +260804,8 @@ rule SIGNATURE_BASE_SUSP_ELF_SPARC_Hunting_SBZ_Modulestruct : FILE date = "2023-04-02" modified = "2023-05-08" reference = "https://netadr.github.io/blog/a-quick-glimpse-sbz/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_sparc_sbz_apr23.yar#L49-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_sparc_sbz_apr23.yar#L49-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dc9608c769dcb14ba01559bfe2e8ed03eebf5695b867b53742f26e3fcce389ca" score = 60 quality = 85 @@ -260264,8 +260827,8 @@ rule SIGNATURE_BASE_SUSP_Email_Redirection_Spoofing_Feb25 date = "2025-02-20" modified = "2025-03-20" reference = "https://any.run/cybersecurity-blog/cyber-attacks-january-2025/#fake-youtube-links-redirect-users-to-phishing-pages-11298" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/susp_email_redirection_spoofing.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/susp_email_redirection_spoofing.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9b196220b369c199a7e4d57cb5db18b32eb2565a6f9190929c5c01ac4fa04ac8" hash = "c4eb35c1a1c10226bff9bb0c88ca516441208d193b4994eeb292a66e53a2cc04" hash = "e3b8ea03a472348814c6ac81088234836e627a1878ec36e46ce62526e1390935" 
@@ -260291,8 +260854,8 @@ rule SIGNATURE_BASE_MAL_LNX_Camarodragon_Sheel_Oct23 : FILE date = "2023-10-06" modified = "2023-12-05" reference = "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_camaro_dragon_oct23.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_camaro_dragon_oct23.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b06f645b766a099adb71c144bdced70c130735e75d5be6451f71077c7d3a5d19" score = 85 quality = 85 @@ -260318,8 +260881,8 @@ rule SIGNATURE_BASE_MAL_LNX_Camarodragon_Horseshell_Oct23 : FILE date = "2023-10-06" modified = "2023-12-05" reference = "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_camaro_dragon_oct23.yar#L27-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_camaro_dragon_oct23.yar#L27-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73adaa286b345cffd35e6ba017b3204d8818dcaeea8a48ca93959566461ac3ca" score = 85 quality = 85 
@@ -260350,8 +260913,8 @@ rule SIGNATURE_BASE_LOG_EXPL_SUSP_Teamcity_CVE_2023_42793_Oct23_1 : CVE_2023_427 date = "2023-10-02" modified = "2023-12-05" reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_teamcity_2023_42793.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_teamcity_2023_42793.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b6c8e3e3ff91563899ca94904a56460cd702a3e58e0aacf1c3acb506ec3f959" score = 70 quality = 85 @@ -260375,8 +260938,8 @@ rule SIGNATURE_BASE_LOG_EXPL_SUSP_Teamcity_Oct23_1 date = "2023-10-02" modified = "2023-12-05" reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_teamcity_2023_42793.yar#L20-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_teamcity_2023_42793.yar#L20-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2f0abffb9c72e6b32875310e5af7365b6cab4e6c4f6188daa3085b57c38ed0e" score = 70 quality = 85 
@@ -260399,8 +260962,8 @@ rule SIGNATURE_BASE_MAL_EXPL_Perfctl_Oct24 : FILE date = "2024-10-09" modified = "2024-12-12" reference = "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_perfctl_oct24.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_perfctl_oct24.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "44d4683efc66b3c6c2d32be6b83a2bbc1db39c9a020365dddd27c20667bc6a66" score = 80 quality = 85 @@ -260425,8 +260988,8 @@ rule SIGNATURE_BASE_MAL_LNX_Perfctl_Oct24 : FILE date = "2024-10-09" modified = "2024-12-12" reference = "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_perfctl_oct24.yar#L23-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_perfctl_oct24.yar#L23-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d47df34240f59124542acc41484e8935327490c04c4e15a558b2ffc6f9c52ea8" score = 75 quality = 85 
@@ -260452,8 +261015,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Dropped_P0O6543F_1 : FILE date = "2015-12-02" modified = "2023-12-05" reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_phish_gina_dec15.yar#L8-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_phish_gina_dec15.yar#L8-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "db788d6d3a8ed1a6dc9626852587f475e7671e12fa9c9faa73b7277886f1e210" logic_hash = "91fc1b4682c1490b916b11685e1ecc74a964d657e544c0b84e8301b299154d02" score = 75 @@ -260484,8 +261047,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Dropped_P0O6543F_2 : FILE date = "2015-12-03" modified = "2023-12-05" reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_phish_gina_dec15.yar#L31-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_phish_gina_dec15.yar#L31-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f5eb21d0f635171e1edcfecc909bc3508dfb6c32e7fdd7263edd5cd98e6ba411" score = 75 quality = 85 
@@ -260511,8 +261074,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Attach_P_ORD_C_10156_124658 : FILE date = "2015-12-02" modified = "2023-12-05" reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_phish_gina_dec15.yar#L49-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_phish_gina_dec15.yar#L49-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2820b024b371447eab71f153b6251776719cfe55e08cb2a3cda5ee6da29949d" score = 75 quality = 85 @@ -260547,8 +261110,8 @@ rule SIGNATURE_BASE_Keyboys_Malware_1 : FILE date = "2017-11-02" modified = "2023-12-05" reference = "http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_keyboys.yar#L13-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_keyboys.yar#L13-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "78fb48c4b3e09f0d55ca6049601ea62dd526167481725b48de6624bb27fb943b" score = 75 quality = 85 
@@ -260587,8 +261150,8 @@ rule SIGNATURE_BASE_Keyboy_Installclient : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_keyboys.yar#L52-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_keyboys.yar#L52-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "701b87785562dc391191b1e59573c6027b27c4fffe1c9155a82114521c85bc59" score = 75 quality = 85 @@ -260618,8 +261181,8 @@ rule SIGNATURE_BASE_Keyboy_Wab32Res : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_keyboys.yar#L75-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_keyboys.yar#L75-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e23bfeed0587ac69527234dd3f8b4f8c5628128ab667af7b99c4d75ca99459b" score = 75 quality = 85 
@@ -260650,8 +261213,8 @@ rule SIGNATURE_BASE_Keyboy_Rasauto : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_keyboys.yar#L98-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_keyboys.yar#L98-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87529000522d5fad4346a0228c96d3adf122587d91b0cff083948787e53cc024" score = 75 quality = 85 @@ -260684,8 +261247,8 @@ rule SIGNATURE_BASE_Keyboy_876_0X4E20000 : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_keyboys.yar#L128-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_keyboys.yar#L128-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "092bb19cd7a4250560ea71a3e54780a8fd34a229caa294e4cd5b6d522850d519" score = 75 quality = 85 
@@ -260718,8 +261281,8 @@ rule SIGNATURE_BASE_Glassrat date = "2015-11-03" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_glassRAT.yar#L8-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_glassRAT.yar#L8-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "939d2cb11ff414641f68b2913fe8d24458e1fd7ba450b8781072bb10da3ad039" score = 75 quality = 85 @@ -260750,8 +261313,8 @@ rule SIGNATURE_BASE_Glassrat_Generic : FILE date = "2015-11-23" modified = "2023-12-05" reference = "https://blogs.rsa.com/peering-into-glassrat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_glassRAT.yar#L45-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_glassRAT.yar#L45-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fdd309c403e53bfa80340c1334f90fd5ef5f4618737b19069a07f7aa63aeb23d" score = 80 quality = 85 
@@ -260787,8 +261350,8 @@ rule SIGNATURE_BASE_Bin_Ndisk : FILE date = "2015-07-07" modified = "2023-12-05" reference = "https://www.virustotal.com/en/file/a03a6ed90b89945a992a8c69f716ec3c743fa1d958426f4c50378cca5bef0a01/analysis/1436184181/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hackingteam_rules.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hackingteam_rules.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cf5089752ba51ae827971272a5b761a4ab0acd84" logic_hash = "d93147e9631065eab35cbbc4ce112cfef92f81063cf8570bc021fbfe72811ab6" score = 100 @@ -260818,8 +261381,8 @@ rule SIGNATURE_BASE_Hackingteam_Elevator_DLL : FILE date = "2015-07-07" modified = "2023-12-05" reference = "http://t.co/EG0qtVcKLh" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hackingteam_rules.yar#L33-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hackingteam_rules.yar#L33-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b7ec5d36ca702cc9690ac7279fd4fea28d8bd060" logic_hash = "f2860c0bb6176f7cc57cb703e9d4235c4cf0b9cc1c0e7c47fb4c8ba47155a616" score = 70 
@@ -260851,8 +261414,8 @@ rule SIGNATURE_BASE_Hackingteam_Elevator_EXE : FILE date = "2015-07-07" modified = "2023-12-05" reference = "Hacking Team Disclosure elevator.c" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hackingteam_rules.yar#L58-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hackingteam_rules.yar#L58-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9261693b67b6e379ad0e57598602712b8508998c0cb012ca23139212ae0009a1" logic_hash = "58f3c28fa69da0329a4cd5451a86260056076a9d0094965e9c23a63ef72cfc98" score = 70 @@ -260888,8 +261451,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Scheduledtask_Loader : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d32ee777cb40c6fa58787e92c0de074ea5b81d629a17ccb4f9432d62436f03c" score = 80 quality = 85 
@@ -260912,8 +261475,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Kaosrat_Yamabot date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L20-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L20-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "92182aac2e56041292102b0486b7de1ee6eb3d54a9fc6786c567acd92073cd84" score = 70 quality = 85 @@ -260944,8 +261507,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Trifaux_Easyrat_JUPITER : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L44-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L44-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6108035dbebd34fe994fc1f8b4123321321f6ed5c022be6e84a88f905ea6fb73" score = 80 quality = 85 
@@ -260968,8 +261531,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Cutiedrop_Magicrat : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L61-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L61-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f289bbd71bdeaf2c42063642454679ec26de5ed24c020af40db694a0ced54884" score = 80 quality = 85 @@ -260997,8 +261560,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_HHSD_Filetransfertool : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L87-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L87-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "665c1b27d64d5377be98aa4e629b077e56f3a44273d98653a338439b3dc05b65" score = 70 quality = 85 
@@ -261022,8 +261585,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Atharvan_3RAT : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L128-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L128-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "741318234e245a35accc0b102a7891559ce5ef868ccdc3e6e4c8e59d8dea8b24" score = 80 quality = 85 @@ -261045,8 +261608,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Lilithrat_Variant : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L144-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L144-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3ce68908468ff85683b081842fa4faa579fbf6f7dc1a7fab5dcf7eac63d90aea" score = 80 quality = 85 
@@ -261076,8 +261639,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Sockstroy_Strings_Opcodes : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L181-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L181-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6ab31b285d0dba1745a2d8b172bd02931c6138e2b8e541203b88f111d179549b" score = 80 quality = 85 @@ -261101,8 +261664,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Agni : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L202-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L202-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "302899b65e5a3a6beabbb46e80e3f0ff246c209206cc3a7f871011d68871d0b9" score = 80 quality = 85 
@@ -261124,8 +261687,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Handshake date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L219-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L219-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1978210d07d3298c0051c9faca16685636e3fb45131b4c2fcb7053a0b3ef84d1" score = 75 quality = 85 @@ -261146,8 +261709,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Tasks date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L233-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L233-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d3fb944888b289d345ffc8dfcc988abd04b8cabd1729a66e8236f95ee6147ee" score = 80 quality = 85 
@@ -261171,8 +261734,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Blackstring : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L250-L262" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L250-L262" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "07ea38890e99dd53437a23b7c4002851604b69a83bd7fb8971609226249e5954" score = 90 quality = 85 @@ -261193,8 +261756,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_ELF_Backdoor_Fipps : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L292-L308" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L292-L308" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b57eb6c6b89e93863b9600c4a1384f3e064f236e827ef9ffc37b1e5dcff7d24" score = 80 quality = 85 
@@ -261218,8 +261781,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Bindshell : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L310-L328" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L310-L328" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "409aa6a27d81e14ea90d90ee02924cb11f5fecef592e6577b084f9ab2dde35fc" score = 70 quality = 85 @@ -261245,8 +261808,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Grease2 : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L330-L351" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L330-L351" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "138fc915206e0c2834090ebc0a808913488121d51c17de3dbfadcb4099fbfa2f" score = 80 quality = 85 
@@ -261270,8 +261833,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Nopineapple_Dtrack_Unpacked : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L353-L368" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L353-L368" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cf5f92a66ba3ff4db61102dcc50b781e8dd14ca7cb1eb70dae8eba2ed0910b66" score = 80 quality = 85 @@ -261294,8 +261857,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Dtrack_Unpacked : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L370-L393" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L370-L393" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8de583fc0de01e6784305d28dbf7cea859a24cf4df1dc59356601bc830e4770" score = 75 quality = 85 
@@ -261320,8 +261883,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Tigerrat_Crowdsourced_Rule : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L395-L424" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L395-L424" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d203d8c7e624796571f4597f70be0b8303f21c096640f25018cad29d4abc05b" score = 75 quality = 85 @@ -261349,8 +261912,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_WIN_Tiger_RAT_Auto : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L426-L566" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L426-L566" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1deef66efb44c0d17f33508a8b6f0d6253f0308f309e81657f78eb0f87121bf5" score = 75 quality = 85 
@@ -261386,8 +261949,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_WIN_Dtrack_Auto : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_andariel_jul24.yar#L568-L708" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_andariel_jul24.yar#L568-L708" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2bd68ee6e5f35a9b80c07120beba3fe1f3ba9a9137ee15bb04bb2740381a9a44" score = 75 quality = 85 @@ -261422,8 +261985,8 @@ rule SIGNATURE_BASE_EXPL_Manageengine_CVE_2022_47966_Jan23_1 date = "2023-01-13" modified = "2023-12-05" reference = "https://www.horizon3.ai/manageengine-cve-2022-47966-iocs/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_manageengine_jan23.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_manageengine_jan23.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a62064e4f12632ba6c14cbbd9369ee919536334f19021a177c126b5dff7e568c" score = 75 quality = 85 
@@ -261445,8 +262008,8 @@ rule SIGNATURE_BASE_KHRAT_Malware : FILE date = "2017-08-31" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_khrat.yar#L13-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_khrat.yar#L13-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cfc1a9fb4dbec4deb70616ab7c4cce3cf56429f61fd36f78245621527d011e20" score = 75 quality = 85 @@ -261466,8 +262029,8 @@ rule SIGNATURE_BASE_MAL_KHRAT_Script date = "2017-08-31" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_khrat.yar#L26-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_khrat.yar#L26-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c27a89028794b50b95850d90ee29b56606e6b58b862a26e287077e7f7be7f096" score = 75 quality = 85 
@@ -261492,8 +262055,8 @@ rule SIGNATURE_BASE_MAL_KHRAT_Scritplet : FILE date = "2017-08-31" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_khrat.yar#L43-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_khrat.yar#L43-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbbabd8e2f17827d96aeef4ea362f133cf3fcc31716c517b86a05a010ff62510" score = 75 quality = 85 @@ -261522,8 +262085,8 @@ rule SIGNATURE_BASE_ATM_Malware_Dispenserxfs_1 : FILE date = "2019-02-27" modified = "2023-01-06" reference = "https://twitter.com/r3c0nst/status/1100775857306652673" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_atm_dispenserxfs.yar#L4-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_atm_dispenserxfs.yar#L4-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c7331b29f7cd8c40f99e235664f86361ba99c9ca0092c1cfb6faf367764303e" score = 80 quality = 85 
@@ -261548,8 +262111,8 @@ rule SIGNATURE_BASE_Saudi_Phish_Trojan : FILE date = "2017-10-12" modified = "2023-12-05" reference = "https://goo.gl/Z3JUAA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_saudi_aramco_phish.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_saudi_aramco_phish.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f7199d2e408cc057d88234e4041c7d87652d1ed361eaaf75bb37da45900e9f38" score = 75 quality = 85 @@ -261576,8 +262139,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_DLL_Moveit_Jun23_1 : FILE date = "2023-06-01" modified = "2023-12-05" reference = "https://www.trustedsec.com/blog/critical-vulnerability-in-progress-moveit-transfer-technical-analysis-and-recommendations/?utm_content=251159938&utm_medium=social&utm_source=twitter&hss_channel=tw-403811306" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_moveit_0day_jun23.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_moveit_0day_jun23.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "47c2ec1e833852941434586b61d6f435b9acb32b2ff48e0a9e8006e0f9ff8056" score = 85 quality = 85 
@@ -261602,8 +262165,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Moveit_Jun23_1 : FILE date = "2023-06-01" modified = "2023-12-05" reference = "https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_moveit_0day_jun23.yar#L24-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_moveit_0day_jun23.yar#L24-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "436f9a503ad938541faa8f34604310ba6d932e40a41dc189ccd293b7191a7621" score = 85 quality = 85 @@ -261629,8 +262192,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Moveit_Exploitation_Indicator_Jun23_1 date = "2023-06-01" modified = "2023-12-05" reference = "https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_moveit_0day_jun23.yar#L43-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_moveit_0day_jun23.yar#L43-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26674d8dea5cb2e95e442c4c75d80ca610f7373f0b216c0b1c83a5b1f9f70316" score = 70 quality = 85 
@@ -261652,8 +262215,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Moveit_Exploitation_Indicator_Jun23_2 date = "2023-06-03" modified = "2023-12-05" reference = "https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_moveit_0day_jun23.yar#L58-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_moveit_0day_jun23.yar#L58-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "56328d078801a702ad47f01f356df6f00be8da593d03c549e77312af9b47b5be" score = 70 quality = 85 @@ -261680,8 +262243,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Moveit_Exploitation_Indicator_Jun23_3 date = "2023-06-13" modified = "2023-12-05" reference = "https://attackerkb.com/topics/mXmV0YpC3W/cve-2023-34362/rapid7-analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_moveit_0day_jun23.yar#L81-L94" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_moveit_0day_jun23.yar#L81-L94" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2eaa06c31687c6368f036a705fdc1b1c42355f19c098ae764a998039cc4aebb5" score = 70 quality = 85 
@@ -261703,8 +262266,8 @@ rule SIGNATURE_BASE_ROKRAT_Malware : FILE date = "2017-04-03" modified = "2021-09-14" reference = "http://blog.talosintelligence.com/2017/04/introducing-rokrat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rokrat.yar#L8-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rokrat.yar#L8-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8b8fa3f97ce13e501cc25b89e2cfdaf785f1cb9f57a9dbd3461596b1bc6178c2" score = 75 quality = 85 @@ -261738,8 +262301,8 @@ rule SIGNATURE_BASE_ROKRAT_Dropper_Nov17 : FILE date = "2017-11-28" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rokrat.yar#L48-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rokrat.yar#L48-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4a444342a4fb4d10aaf8efb5c26954847ce1089c9cec37d1ab3b03e0ac566c6c" score = 75 quality = 85 
@@ -261760,8 +262323,8 @@ rule SIGNATURE_BASE_Freeenki_Infostealer_Nov17 : FILE date = "2017-11-28" modified = "2023-01-06" reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rokrat.yar#L63-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rokrat.yar#L63-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e823ef5506b2fdf30a6ff9bdf6eee552b767b66a6c007a30618fc212d598b540" score = 75 quality = 85 @@ -261794,8 +262357,8 @@ rule SIGNATURE_BASE_Freeenki_Infostealer_Nov17_Export_Sig_Testing : FILE date = "2017-11-28" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rokrat.yar#L94-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rokrat.yar#L94-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2c6d8784aa976501a77441c4e705b7fdc9654277e8cd3f6d966967fb2e1cd724" score = 50 quality = 85 
@@ -261815,8 +262378,8 @@ rule SIGNATURE_BASE_ROKRAT_Nov17_1 : FILE date = "2017-11-28" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rokrat.yar#L110-L127" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rokrat.yar#L110-L127" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "12641d417408ef32292204f620efa3d1347238fa1c6f63b2b6f09a6c660e9e24" score = 75 quality = 85 @@ -261842,8 +262405,8 @@ rule SIGNATURE_BASE_Invoke_Psimage : FILE date = "2017-12-16" modified = "2023-12-05" reference = "https://github.com/peewpw/Invoke-PSImage" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_invoke_psimage.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_invoke_psimage.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ce4bc73fcba3b82e4d11203aa2c3f0b2f85c6eb9e1784ad76a7b20500b4053f8" score = 75 quality = 85 
@@ -261877,8 +262440,8 @@ rule SIGNATURE_BASE_Telebots_Intercepterng : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L10-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L10-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbf0d44d871ec471e891fb909612f58263ec0b0c702f87875f6e027362409318" score = 75 quality = 85 @@ -261908,8 +262471,8 @@ rule SIGNATURE_BASE_Telebots_Killdisk_1 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e70d324c408bae1bb42b16f19cd0e6b87e8228c7480d571fef5266eee5695fd2" score = 75 quality = 85 
@@ -261938,8 +262501,8 @@ rule SIGNATURE_BASE_Telebots_Killdisk_2 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L53-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L53-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4ae09a226c4eecae18e685423ef30b3776be518609f89a078c647fe8ee00f19" score = 75 quality = 85 @@ -261964,8 +262527,8 @@ rule SIGNATURE_BASE_Telebots_Credraptor_Password_Stealer : FILE date = "2016-12-14" modified = "2023-01-06" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L70-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L70-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed884cb7643a61109f87e2887bed7ddb838c73bce28812b76c35bb807629e116" score = 75 quality = 85 
@@ -261992,8 +262555,8 @@ rule SIGNATURE_BASE_Telebots_VBS_Backdoor_1 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L90-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L90-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4ff4963058674cf71c123af74c0947da2edf3b5e2622261d14200f406dbe2992" score = 75 quality = 85 @@ -262019,8 +262582,8 @@ rule SIGNATURE_BASE_Telebots_VBS_Backdoor_2 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L108-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L108-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "299a2ca6eacc29b4a7697a8502a56cffda4f6bc6b3354d3cc133712c1755c476" score = 75 quality = 85 
@@ -262045,8 +262608,8 @@ rule SIGNATURE_BASE_Telebots_Win64_Spy_Keylogger_G : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_telebots.yar#L125-L144" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_telebots.yar#L125-L144" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1b4db8f290bd4f943a90669afd5bff6b766d0723fb3ee9c69d7097e737beadc8" score = 75 quality = 85 @@ -262076,8 +262639,8 @@ rule SIGNATURE_BASE_SUSP_THOR_Unsigned_Oct23_1 : FILE date = "2023-10-28" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_unsigned_thor.yar#L4-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_unsigned_thor.yar#L4-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "12303e3549071dd6c8896f7a1222eb5905f6b4d3f320134416a5b6d53857adeb" score = 75 quality = 85 
@@ -262100,8 +262663,8 @@ rule SIGNATURE_BASE_Win32_Buzus_Softpulse : FILE date = "2015-05-13" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_buzus_softpulse.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_buzus_softpulse.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2f6df200e63a86768471399a74180466d2e99ea9" logic_hash = "49625594db57e9d629860970c20493b76e554addc2edb41adba64673a820a94b" score = 75 @@ -262130,8 +262693,8 @@ rule SIGNATURE_BASE_Bernhardpos date = "2015-07-14" modified = "2023-12-05" reference = "http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_bernhard_pos.yar#L1-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_bernhard_pos.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e49820ef02ba5308ff84e4c8c12e7c3d" logic_hash = "c00f2fda5a391b44767d918945069f18cef084dd4dc6aa94d8f945bf97ac462a" score = 70 
@@ -262157,8 +262720,8 @@ rule SIGNATURE_BASE_SUSP_Xored_URL_In_EXE : FILE date = "2020-03-09" modified = "2022-09-16" reference = "https://twitter.com/stvemillertime/status/1237035794973560834" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_xor.yar#L4-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_xor.yar#L4-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2113324ae04a9022be4cf5c615ad231206eeefb5aa87a2236ec3c9deee9e7ec2" score = 50 quality = 85 @@ -262198,8 +262761,8 @@ rule SIGNATURE_BASE_MAL_Sednit_Delphidownloader_Apr18_2 : FILE date = "2018-04-24" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sednit_delphidownloader.yar#L11-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sednit_delphidownloader.yar#L11-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "32acbec3405007afce22b0521785439686338d4d3beb02a1d7b9005e49d87221" score = 75 quality = 85 
@@ -262235,8 +262798,8 @@ rule SIGNATURE_BASE_MAL_Sednit_Delphidownloader_Apr18_3 : FILE date = "2018-04-24" modified = "2023-01-06" reference = "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sednit_delphidownloader.yar#L40-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sednit_delphidownloader.yar#L40-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "20446692842ec9481f34dd976f6b309515c33159653f9988a59335d2f04e4138" score = 75 quality = 85 @@ -262267,8 +262830,8 @@ rule SIGNATURE_BASE_Octowave_Installer_03_2025 : FILE date = "2025-03-28" modified = "2025-04-08" reference = "https://x.com/CyberRaiju/status/1893450184224362946?t=u0X6ST2Qgnrf-ujjphGOSg&s=19" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_octowave_installer_mar25.yar#L1-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_octowave_installer_mar25.yar#L1-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14b6247cf619ecb8f14fc0a860fa4285e58db2defa15488cda1b2431b3e3e980" score = 75 quality = 60 
@@ -262307,8 +262870,8 @@ rule SIGNATURE_BASE_Tempracer : FILE date = "2016-03-30" modified = "2023-12-05" reference = "http://www.darknet.org.uk/2016/03/tempracer-windows-privilege-escalation-tool/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_tempracer.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_tempracer.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e17d80c4822d16371d75e1440b6ac44af490b71fbee1010a3e8a5eca94d22bb3" logic_hash = "37355456e13ea9fa6429b68970e0450f4ddbd8da81c070a0383b1e048a05e35a" score = 75 @@ -262335,8 +262898,8 @@ rule SIGNATURE_BASE_MAL_Shellcode_Loader_Apr23 date = "2023-04-03" modified = "2023-12-05" reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_gopuram_apr23.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_gopuram_apr23.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4e423158757c80b5e4e77f6a343323a87798c6697cf6a832aa01a146712b250" score = 80 quality = 85 
@@ -262361,8 +262924,8 @@ rule SIGNATURE_BASE_APT_MAL_Gopuram_Backdoor_Apr23 : FILE date = "2023-02-24" modified = "2023-12-05" reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_gopuram_apr23.yar#L20-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_gopuram_apr23.yar#L20-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa3dd1f35d27d23eb775410cceae81d5b767dc0f1636aac67f2d2e988a3ed995" score = 80 quality = 85 @@ -262388,8 +262951,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_DLL_Apr23_1 : FILE date = "2023-04-03" modified = "2023-12-05" reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_gopuram_apr23.yar#L43-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_gopuram_apr23.yar#L43-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e0a8f3896c0119ce399e83fe3e565c66144693e84996aa3d01ca1b6315521782" score = 75 quality = 85 
@@ -262420,8 +262983,8 @@ rule SIGNATURE_BASE_APT_UNC4736_NK_MAL_TAXHAUL_3CX_Apr23_1 : FILE date = "2023-03-04" modified = "2023-12-05" reference = "https://www.3cx.com/blog/news/mandiant-initial-results/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_gopuram_apr23.yar#L77-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_gopuram_apr23.yar#L77-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f67af611d0b3d96e4aaf7b3b5e49c1fb536e61a430b79ac0a0560ef3773ba140" score = 80 quality = 85 @@ -262443,8 +263006,8 @@ rule SIGNATURE_BASE_SUSP_Maldoc_Excelmacro : FILE date = "2020-11-03" modified = "2023-12-05" reference = "YARA Exchange - Undisclosed Macro Builder" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_macro_builders.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_macro_builders.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c5d0655eaf2ca36c828675f9673a1d4284ef8719fd9ec1d354ee3284d1fb0a0c" score = 65 quality = 85 
@@ -262469,8 +263032,8 @@ rule SIGNATURE_BASE_Triton_Trilog : FILE date = "2017-12-14" modified = "2023-12-05" reference = "https://goo.gl/vtQoCQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_triton.yar#L70-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_triton.yar#L70-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6406e9e7651978a6817079945dc801afdb6c16dd107527cbfd9a946eca27a51a" score = 75 quality = 85 @@ -262495,8 +263058,8 @@ rule SIGNATURE_BASE_MAL_Crime_Win32_Loader_Guloader_1_Experimental : FILE date = "2020-05-04" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1257206565146370050" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_guloader.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_guloader.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "03b7e0251b1c08798ce310cc4c11adfaa3071409d608c91c30d5fc7e28a079de" score = 50 quality = 85 
@@ -262519,8 +263082,8 @@ rule SIGNATURE_BASE_SUSP_SVG_JS_Payload_Mar25 : FILE date = "2025-03-20" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_svg_js_phish_mar25.yar#L3-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_svg_js_phish_mar25.yar#L3-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7b4b8e42d4df56412969cd1c38dcb750d21b10a54d257a9b918bd6ae0e0f8d11" hash = "4ae2ebc103f5de7ccfd75603b543d602b5c793e1ef7db19fbb60ff2e42611f75" hash = "b92e9d6f8a516e78b3e848c4b5b2815b406c9478e6be3777f3e784ceedc66f4a" @@ -262555,8 +263118,8 @@ rule SIGNATURE_BASE_Malware_QA_Not_Copy : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_malware_set_qa.yar#L13-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_malware_set_qa.yar#L13-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4001d71101a9c6d4134e7ed4b9b03d34ada62241a668970e21a60d7a23dd7b86" score = 80 quality = 85 
@@ -262587,8 +263150,8 @@ rule SIGNATURE_BASE_Malware_QA_Update : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_malware_set_qa.yar#L39-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_malware_set_qa.yar#L39-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "97e0fec7bb4ebf326b449cc0d65eb9f024b33e1d2e54c6d3893164b66c024b2a" score = 80 quality = 85 @@ -262625,8 +263188,8 @@ rule SIGNATURE_BASE_Malware_QA_Tls : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_malware_set_qa.yar#L71-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_malware_set_qa.yar#L71-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "20c849d8c60acd77a28244c7ebcbb2f96b233e74af6c52112a0c828e1de2ed84" score = 80 quality = 85 
@@ -262651,8 +263214,8 @@ rule SIGNATURE_BASE_Malware_QA_Get_The_Fucking_IP : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_malware_set_qa.yar#L89-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_malware_set_qa.yar#L89-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab6a60142ef0e7a6e079a1b62da0b962dc3b59584b785516e93c74669574a81b" score = 80 quality = 85 @@ -262679,8 +263242,8 @@ rule SIGNATURE_BASE_Malware_QA_Vqgk : FILE date = "2016-08-29" modified = "2022-12-21" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_malware_set_qa.yar#L109-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_malware_set_qa.yar#L109-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "19b7099cdb8a984f1ba6cf88024db398a81ac4f4bf3c16cac40c5ee0e5b465fd" score = 80 quality = 85 
@@ -262715,8 +263278,8 @@ rule SIGNATURE_BASE_Malware_QA_1177 : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_malware_set_qa.yar#L139-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_malware_set_qa.yar#L139-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0fa8e6c048bcc51553e8078a71416013696dd937c1508cd636873eab56c3797f" score = 80 quality = 81 @@ -262745,8 +263308,8 @@ rule SIGNATURE_BASE_Custom_Ssh_Backdoor_Server date = "2015-05-14" modified = "2022-08-18" reference = "https://goo.gl/S46L3o" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_backdoor_ssh_python.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_backdoor_ssh_python.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0953b6c2181249b94282ca5736471f85d80d41c9" logic_hash = "7bb142b69a75003e8f26d462c0895a3d807d5c326684e83d756178a3b91669dc" score = 75 
@@ -262770,8 +263333,8 @@ rule SIGNATURE_BASE_Dubseven_File_Set : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L1-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L1-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "af98ab901ca97a350aa837779d74208a780b1099e113cfa59bee2eb33690918e" score = 75 quality = 85 @@ -262799,8 +263362,8 @@ rule SIGNATURE_BASE_Dubseven_Dropper_Registry_Checks : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L31-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L31-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "813ff641a4213cf9d56013768e284e7f622a223c6c4f585c3bbbcf69fc03723c" score = 75 quality = 85 
@@ -262827,8 +263390,8 @@ rule SIGNATURE_BASE_Dubseven_Dropper_Dialog_Remains : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L59-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L59-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "322ddc1210b6bde393970c61113e6efcb87a3529db386323dfd08973e5d2703e" score = 75 quality = 85 @@ -262850,8 +263413,8 @@ rule SIGNATURE_BASE_Maindll_Mutex : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L83-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L83-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8d3311164104198e02e700c2e9a5293e55d75d63b39c75c4e375b7f35eb5fde4" score = 75 quality = 85 
@@ -262872,8 +263435,8 @@ rule SIGNATURE_BASE_Slserver_Dialog_Remains : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L106-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L106-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b18f4a6c54b456ae697e9639e8c3041fd4f3141d89850c3e1d3d4e220c3cea3" score = 75 quality = 85 @@ -262898,8 +263461,8 @@ rule SIGNATURE_BASE_Slserver_Mutex : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L138-L158" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L138-L158" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9bf3c6c93e77424463e3fb6f9f4d58e80254866462fe1287293b0a357737da20" score = 75 quality = 85 
@@ -262920,8 +263483,8 @@ rule SIGNATURE_BASE_Slserver_Command_And_Control : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L160-L180" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L160-L180" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "48a13d27b7dc9a7f3a65752142b2a291e7c3ee93ef67b36aa4202d065e74d80e" score = 75 quality = 85 @@ -262942,8 +263505,8 @@ rule SIGNATURE_BASE_Slserver_Campaign_Code : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L182-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L182-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fbf53678399b0e14eae6f1bb6594b2aa665f76f10388e492bec2f9101a4dd4b1" score = 75 quality = 85 
@@ -262964,8 +263527,8 @@ rule SIGNATURE_BASE_Slserver_Unknown_String : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_between-hk-and-burma.yar#L204-L224" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_between-hk-and-burma.yar#L204-L224" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "18d3bb236282c506c161949883722da1cb0af6dd87bf5cb3d4a5b3d90f4a7db0" score = 75 quality = 85 @@ -262986,8 +263549,8 @@ rule SIGNATURE_BASE_APT_MAL_SLOTHFULMEDIA_Oct20_1 : FILE date = "2020-10-01" modified = "2023-12-05" reference = "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_iamtheking.yar#L2-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_iamtheking.yar#L2-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e50bda40eb05767e0903c3d8dd62b4e0290d89740c82c8b7f391d5763dc35156" score = 75 quality = 85 
@@ -263040,8 +263603,8 @@ rule SIGNATURE_BASE_Metasploit_Loader_Rsmudge : FILE date = "2016-04-20" modified = "2023-12-05" reference = "https://github.com/rsmudge/metasploit-loader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_loader_rsmudge.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_loader_rsmudge.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "50b1898e3087a5e0876b87179252c452af48e00bbef52297060d70acd90d0133" score = 75 quality = 85 @@ -263068,8 +263631,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Dropper_Gen1 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L8-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L8-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "927821e974cff6cd4d15b19bf4d0486abc57725ecdf6f00755dd4f912fbf82d1" score = 70 quality = 85 
@@ -263107,8 +263670,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Sample1 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L50-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L50-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "746df577e952e0354342a48fe9f1650e63e3470902e7c5bba36d36fa34ea2bff" score = 80 quality = 85 @@ -263132,8 +263695,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Sample2 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L67-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L67-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c7e945131a867bf46a467784d7119c95342733cc723cdeeb76d69c8fdb326749" score = 80 quality = 85 
@@ -263159,8 +263722,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Gen : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L86-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L86-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbc1dec88994427fc5003c9506f5a766531136ee80a16d00d2bf5bd5d7990cb3" score = 90 quality = 85 @@ -263207,8 +263770,8 @@ rule SIGNATURE_BASE_Plugx_Nvsmartmax_Gen : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L126-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L126-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7795b0d978f9447a6cee808708d65992447e359539a8fe64331c06ad46ff7491" score = 70 quality = 85 
@@ -263244,8 +263807,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Dropper_Gen2 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L156-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L156-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf274053fe7729471716a710e3bd5ed027d6ab2c45f7af9a1103bfa1ada9cbf4" score = 70 quality = 85 @@ -263280,8 +263843,8 @@ rule SIGNATURE_BASE_Threatgroup3390_Strings : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L185-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L185-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d1e4889a48f4f9bfcc12237dd44cd8ad9db9918c6a5859de086d1ddc051ff937" score = 60 quality = 85 
@@ -263307,8 +263870,8 @@ rule SIGNATURE_BASE_Threatgroup3390_C2 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_threatgroup_3390.yar#L204-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_threatgroup_3390.yar#L204-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "be411bb8e301eb4ba611bc9d6c8f0e3b8c27b87c2dd3f8405d0eba0296117697" score = 60 quality = 60 @@ -263436,8 +263999,8 @@ rule SIGNATURE_BASE_Kraken_Bot_Sample : FILE date = "2015-05-07" modified = "2023-12-05" reference = "https://blog.gdatasoftware.com/blog/article/dissecting-the-kraken.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kraken_bot1.yar#L8-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kraken_bot1.yar#L8-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "798e9f43fc199269a3ec68980eb4d91eb195436d" logic_hash = "2e0f0a981ce3483aad8e48f6a259f9875ea4f8449feb24bafbae07243dd82a16" score = 90 
@@ -263464,8 +264027,8 @@ rule SIGNATURE_BASE_FE_Webshell_PL_ATRIUM_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L12-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L12-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ca0175d86049fa7c796ea06b413857a3" logic_hash = "869b397616495c644beb997602eac84ddcdbacce4c14755c555f5bda36663ca2" score = 75 @@ -263489,12 +264052,12 @@ rule SIGNATURE_BASE_FE_Trojan_SH_ATRIUM_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L29-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L29-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a631b7a8a11e6df3fccb21f4d34dbd8a" logic_hash = "672a293660d89d5d7d62a658c360bad0b6408611d8794744b17a81e6a75ceea7" score = 75 - quality = 60 + quality = 35 tags = "" strings: 
@@ -263515,8 +264078,8 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_HARDPULSE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L46-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L46-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "980cba9e82faf194edb6f3cc20dc73ff" logic_hash = "37fc40fd998d3294edb05707170bc2deec524fc6451bff212901f9ac3e34bb35" score = 75 @@ -263544,8 +264107,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux32_LOCKPICK_1 : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L66-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L66-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e8bfd3f5a2806104316902bbe1195ee8" logic_hash = "1623c2dc63fe7d595069a024b715bbca267ec1c9400afcadc377ae58afb81a2a" score = 75 
@@ -263568,8 +264131,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux32_PACEMAKER : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L81-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L81-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d7881c4de4d57828f7e1cab15687274b" logic_hash = "f3f89744ce558179f36da3b412ba4afb3798684e6d976ef59de565b5a3323ad6" score = 75 @@ -263595,8 +264158,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux_PACEMAKER : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L99-L115" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L99-L115" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d7881c4de4d57828f7e1cab15687274b" logic_hash = "cf83024cbbd500a301ac3c859b680cd79acabc232ea6f42c23fe9f8918a8d914" score = 75 
@@ -263621,8 +264184,8 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_PULSECHECK_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L116-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L116-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a1dcdf62aafc36dd8cf64774dea80d79fb4e24ba2a82adf4d944d9186acd1cc1" logic_hash = "aba457dd33232ef37ca145c5b7cd9c5fe809730339a55c5e90ac46b4a136f6cb" score = 75 @@ -263651,12 +264214,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_PULSEJUMP_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L137-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L137-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "91ee23ee24e100ba4a943bb4c15adb4c" logic_hash = "c9aa2b9ef8aff14c20ed6597b1a71eafc3e3c181aabf9a3a68df18945207ff86" score = 75 - quality = 85 + quality = 60 tags = "" strings: 
@@ -263677,12 +264240,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_QUIETPULSE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L154-L172" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L154-L172" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "00575bec8d74e221ff6248228c509a16" logic_hash = "226a56369e141834d4834400bbf1a006bbb6e9b39e16e24b0106bff1a9c202a9" score = 75 - quality = 58 + quality = 83 tags = "" strings: @@ -263705,8 +264268,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L173-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L173-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d72daafedf41d484f7f9816f7f076a9249a6808f1899649b7daa22c0447bb37b" logic_hash = "d65a466cc15214d8e26597588c039a6b9fb4637ef8f3b1ebea27f016fbd5cba8" score = 75 
@@ -263732,8 +264295,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_2 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L191-L208" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L191-L208" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4a2a7cbc1c8855199a27a7a7b51d0117" logic_hash = "4ade993176c918ec23e99fc585e9ab14d9f9e93a7eca00f2c3b0ebbd13d6ec5b" score = 75 @@ -263759,8 +264322,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_3 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L209-L226" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L209-L226" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4a2a7cbc1c8855199a27a7a7b51d0117" logic_hash = "025308591e058de284f949fd4f788e4a4f46bb2f6c0e1161237f1f811d8179ba" score = 75 
@@ -263786,8 +264349,8 @@ rule SIGNATURE_BASE_FE_APT_Backdoor_Linux32_SLOWPULSE_1 : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L227-L244" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L227-L244" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cd09ec795a8f4b6ced003500a44d810f49943514e2f92c81ab96c33e1c0fbd68" logic_hash = "c1d92ea4ed8e5934c8356e1e52092935c53a138e454026737448f7f523ea06be" score = 75 @@ -263813,8 +264376,8 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_STEADYPULSE_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_pulsesecure.yar#L265-L284" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_pulsesecure.yar#L265-L284" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "168976797d5af7071df257e91fcc31ce1d6e59c72ca9e2f50c8b5b3177ad83cc" logic_hash = "a0e3ebdd02ccf5cc8fc0a83c1d0224aed45dc5094eb85bd855e5b74b34e3aaaf" score = 75 
@@ -263842,8 +264405,8 @@ rule SIGNATURE_BASE_Malware_JS_Powershell_Obfuscated : FILE date = "2017-03-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_javascript_powershell.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_javascript_powershell.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1dd745624971f10acb7911433f363b0cf20c8c45344f702d7f3549c58689b371" score = 75 quality = 85 @@ -263866,8 +264429,8 @@ rule SIGNATURE_BASE_MAL_Go_Modbus_Jul24_1 : FILE date = "2024-07-23" modified = "2024-07-24" reference = "https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_go_modbus.yar#L2-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_go_modbus.yar#L2-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d992c8159deca0ed2b2a33da3c31fdf0efa9a09ba941d059fa7fc1bad458aed1" score = 75 quality = 85 
@@ -263895,8 +264458,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_1 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_middle_east_talosreport.yar#L13-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_middle_east_talosreport.yar#L13-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e5ea689de4be64a02aed31c85a4bd56561ba932587998bc276ddba248d73fa2d" score = 75 quality = 85 @@ -263917,8 +264480,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_2 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_middle_east_talosreport.yar#L28-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_middle_east_talosreport.yar#L28-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "414e7760c56d2a1713258bb5c5f65e4fb561523ae037f8715d7fba5914ef9211" score = 75 quality = 85 
@@ -263945,8 +264508,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_3 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_middle_east_talosreport.yar#L50-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_middle_east_talosreport.yar#L50-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d45f9f624285ed13a16901335585490459f22ef8af157c38b720118735ed432" score = 75 quality = 85 @@ -263973,8 +264536,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_4 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_middle_east_talosreport.yar#L68-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_middle_east_talosreport.yar#L68-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "83340b2d8f5f58f886eb318b80d7fbb0b9a4f5ad634db857edc405932f3ea5bc" score = 75 quality = 85 
@@ -263994,8 +264557,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_5 : FILE date = "2018-02-07" modified = "2022-08-18" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_middle_east_talosreport.yar#L81-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_middle_east_talosreport.yar#L81-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b958a09be09de03e702a0653cf51148698b35c29bed90edbc3a65e485f0c3aa6" score = 75 quality = 85 @@ -264023,8 +264586,8 @@ rule SIGNATURE_BASE_SVG_Loadurl : FILE date = "2015-05-24" modified = "2023-12-05" reference = "http://goo.gl/psjCCc" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_cryptowall_svg.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_cryptowall_svg.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d9e40694e2d0099495289a2074e266bace9b0d9d776391020a1527eaabd2a395" score = 50 quality = 85 
@@ -264052,8 +264615,8 @@ rule SIGNATURE_BASE_TA459_Malware_May17_1 : FILE date = "2017-05-31" modified = "2023-12-05" reference = "https://goo.gl/RLf9qU" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta459.yar#L12-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta459.yar#L12-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2655d4c3a28ad2f77bbf50cd3dface7de49f675f0f974aa44d9b69c3f803da30" score = 75 quality = 85 @@ -264077,8 +264640,8 @@ rule SIGNATURE_BASE_TA459_Malware_May17_2 : FILE date = "2017-05-31" modified = "2023-12-05" reference = "https://goo.gl/RLf9qU" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta459.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta459.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9904f3905672e5209df037dff1fa2e4d88ee33531096045eb9b9f7460458b6a2" score = 75 quality = 85 
@@ -264104,8 +264667,8 @@ rule SIGNATURE_BASE_Eternalrocks_Taskhost : FILE date = "2017-05-18" modified = "2023-12-05" reference = "https://twitter.com/stamparm/status/864865144748298242" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_eternalrocks.yar#L12-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_eternalrocks.yar#L12-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "45e5295f34280078c586c4cb643dba65aed63beffb1d6ded05de03403caf273a" score = 75 quality = 85 @@ -264132,8 +264695,8 @@ rule SIGNATURE_BASE_Eternalrocks_Svchost : FILE date = "2017-05-18" modified = "2023-12-05" reference = "https://twitter.com/stamparm/status/864865144748298242" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_eternalrocks.yar#L32-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_eternalrocks.yar#L32-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "989df6d582949adbc4e0e2063c99d9ad83c367cedae1030dc23aade091216602" score = 75 quality = 85 
@@ -264159,8 +264722,8 @@ rule SIGNATURE_BASE_MAL_Ryuk_Ransomware : FILE date = "2018-12-31" modified = "2023-12-05" reference = "https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ryuk_ransomware.yar#L3-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ryuk_ransomware.yar#L3-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "01e8ad348e5954374fc0f9fc25ba1ee83db4a2a50e622b27640aa2eb394dc5a0" score = 75 quality = 85 @@ -264187,8 +264750,8 @@ rule SIGNATURE_BASE_APT_Cobaltstrike_Beacon_Indicator : FILE date = "2018-11-09" modified = "2023-12-05" reference = "https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cobaltstrike.yar#L40-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cobaltstrike.yar#L40-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f429a7a8c8bbea22eba3bbf81e391dab8e957583283a995d1d60d42f17c20e7" score = 75 quality = 83 
@@ -264210,8 +264773,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_Strings date = "2021-03-16" modified = "2023-12-05" reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cobaltstrike.yar#L54-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cobaltstrike.yar#L54-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4349a7ad94df2269217b55c2aef9628c4eef078566c276936accdd4f996ba2cf" score = 75 quality = 85 @@ -264234,8 +264797,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_XOR_Strings date = "2021-03-16" modified = "2023-12-05" reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cobaltstrike.yar#L69-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cobaltstrike.yar#L69-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5009c29055784ce6371100417b862f723d7e3c1b4081c563fcd8770db48051f" score = 75 quality = 85 
@@ -264262,8 +264825,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_4_2_Decrypt date = "2021-03-16" modified = "2023-12-05" reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cobaltstrike.yar#L90-L102" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cobaltstrike.yar#L90-L102" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8685b1626c8d263f49ccf129dcd4fe1b42482fcdb37c2e109cedcecaed8c2407" score = 75 quality = 85 @@ -264285,8 +264848,8 @@ rule SIGNATURE_BASE_HKTL_Win_Cobaltstrike : COMMODITY date = "2021-05-25" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cobaltstrike.yar#L104-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cobaltstrike.yar#L104-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b041efb8ba2a88a3d172f480efa098d72eef13e42af6aa5fb838e6ccab500a7c" logic_hash = "1e8a68050ff25f77e903af2e0a85579be1af77c64684e42e8f357eee4ae59377" score = 75 
@@ -264314,8 +264877,8 @@ rule SIGNATURE_BASE_CVE_2014_4076_Exploitcode : CVE_2014_4076 FILE date = "2018-04-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/yarGen" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2014_4076.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2014_4076.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "96b8743de8b3968d64b74af93f5e61574a3b31d33df6d51e944b4f02c7b9723e" score = 75 quality = 85 @@ -264342,8 +264905,8 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxynotshell_Patterns_CVE_2022_41040_Oct22_1 modified = "2023-03-15" old_rule_name = "EXPL_Exchange_ProxyNoShell_Patterns_CVE_2022_41040_Oct22_1" reference = "https://github.com/kljunowsky/CVE-2022-41040-POC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2022_41040_proxynoshell.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2022_41040_proxynoshell.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "81b0f0fea2762beb47826ff95545c87e960e098b9d5f45eacfe07b3ecf319ac5" score = 75 quality = 60 
@@ -264370,8 +264933,8 @@ rule SIGNATURE_BASE_Notpetya_Ransomware_Jun17 : FILE date = "2017-06-27" modified = "2023-12-05" reference = "https://goo.gl/h6iaGj" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nopetya_jun17.yar#L12-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nopetya_jun17.yar#L12-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e49fd918e9cc09a60434e62767794cd908f195cb71fd7a752a2b4802973bc92e" score = 75 quality = 85 @@ -264408,8 +264971,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Proxytoken_Exploitation_Aug21_1 : CVE_2021_33766 date = "2021-08-30" modified = "2023-12-05" reference = "https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2021_33766_proxytoken.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2021_33766_proxytoken.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ff0c3e4f7491f5faec3e2688819ea5ec636a7d4eb57941afff6f53f60b0c0293" score = 75 quality = 85 
@@ -264436,8 +264999,8 @@ rule SIGNATURE_BASE_EXT_APT32_Goopdate_Installer date = "2023-12-05" modified = "2023-12-05" reference = "https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt32.yar#L3-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt32.yar#L3-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "69730f2c2bb9668a17f8dfa1f1523e0e1e997ba98f027ce98f5cbaa869347383" logic_hash = "1dcb3009c5c19ff4e54d82d3a4b99b3431e78664f1660522a781e815d96958c4" score = 75 @@ -264463,8 +265026,8 @@ rule SIGNATURE_BASE_EXT_APT32_Osx_Backdoor_Loader : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt32.yar#L22-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt32.yar#L22-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "768510fa9eb807bba9c3dcb3c7f87b771e20fa3d81247539e9ea4349205e39eb" logic_hash = "26964f95a9298b838e06fb9d7f739c8b87a976d8da7fb08416e952d26e84b84e" score = 75 
@@ -264493,8 +265056,8 @@ rule SIGNATURE_BASE_Plugx_J16_Gen : FILE date = "2016-06-08" modified = "2023-12-05" reference = "VT Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_win_plugx.yar#L10-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_win_plugx.yar#L10-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3e988243663264b2647e098e36b83dd675141fa9765c9bd47c30f29bf176cd8f" score = 75 quality = 85 @@ -264533,8 +265096,8 @@ rule SIGNATURE_BASE_Plugx_J16_Gen2 : FILE date = "2016-06-08" modified = "2023-12-05" reference = "VT Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_win_plugx.yar#L42-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_win_plugx.yar#L42-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8fbe90cbff5d408d26b0a5ace6833a0e3100d11ff544184d9ccc2f39ee806de9" score = 75 quality = 85 
@@ -264564,8 +265127,8 @@ rule SIGNATURE_BASE_Scarcruft_Malware_Feb18_1 : FILE date = "2018-02-03" modified = "2023-12-05" reference = "https://twitter.com/craiu/status/959477129795731458" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_scarcruft.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_scarcruft.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa1ed130518a2096bd731dce917512d560160e271ad8f0ccd57fbedd478a5502" score = 90 quality = 85 @@ -264587,8 +265150,8 @@ rule SIGNATURE_BASE_SUSP_Doc_Windowsinstaller_Call_Feb22_1 : FILE date = "2022-02-26" modified = "2023-12-05" reference = "https://twitter.com/threatinsight/status/1497355737844133895" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_maldoc.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_maldoc.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "279182487ab7d35264adfbd0d122ee7634cd92ae1711de78ec7f20928df34f49" score = 65 quality = 85 
@@ -264612,8 +265175,8 @@ rule SIGNATURE_BASE_Gen_Trojan_Mikey : FILE date = "2015-05-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_mikey_trojan.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_mikey_trojan.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a8e6c3ca056b3ff2495d7728654b780735b3a4cb" logic_hash = "5454953bba09d6fc866bcb23ef81a0b6763d8f82b8b606597548cbb5cf6053ed" score = 70 @@ -264641,8 +265204,8 @@ rule SIGNATURE_BASE_Gen_Excel_Xor_Obfuscation_Velvetsweatshop : FILE date = "2020-10-09" modified = "2023-12-05" reference = "https://twitter.com/BouncyHat/status/1308896366782042113" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar#L3-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar#L3-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c38d56199d34adfc98d8032321239ab20c6eaa8abcafd56f8e1cf24fd3a4094f" score = 75 quality = 85 
@@ -264668,8 +265231,8 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Failed_Aug21_1 : SCRIPT date = "2021-08-08" modified = "2021-08-09" reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "690e74633ac8671727fe47f6398e536c1b7a4ac469d27d3f7507c75e175716bd" score = 50 quality = 60 @@ -264691,11 +265254,11 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Successful_Aug21_1 : SCRIPT date = "2021-08-08" modified = "2025-03-21" reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L17-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L17-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "06ab609a8efe3b36b6356a9cf7b7b11b2fc2a556ec1df6995008a9df86b3fcee" score = 65 - quality = 58 + quality = 83 tags = "SCRIPT" strings: 
@@ -264714,10 +265277,10 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug21_2 : FILE author = "Florian Roth (Nextron Systems)" id = "a351a466-695e-570e-8c7f-9c6c0534839c" date = "2021-08-13" - modified = "2025-09-05" + modified = "2025-11-03" reference = "https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-are-getting-hacked-via-proxyshell-exploits/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L35-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L35-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4ede197d482f0a9e553ba857b5049e7b7405e3df92460e19418fa0653c844982" score = 75 quality = 85 @@ -264736,10 +265299,10 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug21_3 : FILE author = "Max Altgelt" id = "a7bca62b-c8f1-5a38-81df-f3d4582a590b" date = "2021-08-23" - modified = "2025-09-05" + modified = "2025-11-03" reference = "https://twitter.com/gossithedog/status/1429175908905127938?s=12" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L50-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L50-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f071aaa8918b359f786f2ac7447eeaedb5a6fca9e0a0c0e8820e011244424503" score = 75 quality = 85 
@@ -264758,10 +265321,10 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Sep21_1 : FILE author = "Tobias Michalski" id = "d0d23e17-6b6a-51d1-afd9-59cc2404bcd8" date = "2021-09-17" - modified = "2025-09-05" + modified = "2025-11-03" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L66-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L66-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "219468c10d2b9d61a8ae70dc8b6d2824ca8fbe4e53bbd925eeca270fef0fd640" logic_hash = "233ec15dff8da5f2beaa931eb06849aa37e548947c1068d688a1695d977605d8" score = 75 @@ -264781,10 +265344,10 @@ rule SIGNATURE_BASE_APT_IIS_Config_Proxyshell_Artifacts : FILE author = "Florian Roth (Nextron Systems)" id = "21888fc0-82c6-555a-9320-9cbb8332a843" date = "2021-08-25" - modified = "2025-09-05" + modified = "2025-11-03" reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L82-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L82-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4557694629448d258b8b2fefc278e059217560e7a0ec3279863a16fb9b3989c" score = 90 quality = 85 
@@ -264812,10 +265375,10 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Exploitation_Aug21_1 : FILE author = "Florian Roth (Nextron Systems)" id = "1fa563fc-c91c-5f4e-98f1-b895e1acb4f4" date = "2021-08-25" - modified = "2025-09-05" + modified = "2025-11-03" reference = "https://twitter.com/VirITeXplorer/status/1430206853733097473" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L107-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L107-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a2417bb85c7f91d98143d2f4c26d30416b3a01ba8abc1445ccfae5609825b4d" score = 90 quality = 85 @@ -264834,11 +265397,11 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug15 : FILE author = "Moritz Oettle" id = "b1e6c0f3-787f-59b8-8123-4045522047ca" date = "2021-09-04" - modified = "2025-09-04" + modified = "2025-11-03" reference = "https://github.com/hvs-consulting/ioc_signatures/tree/main/Proxyshell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxyshell.yar#L121-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" - logic_hash = "d08f4e196185fbecd193724449281d63250ff75346bc53f414f3fbfd9a3961c8" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxyshell.yar#L121-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" + logic_hash = "46c37f1d80c777acafa6ee64d7df18a6b94768f4463d9196027111a84a63a24f" score = 75 quality = 85 tags = "FILE" 
@@ -264854,9 +265417,10 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug15 : FILE $g8 = "eval/*" ascii $s1 = "AppcacheVer" ascii $s3 = "LaTkWfI64XeDAXZS6pU1KrsvLAcGH7AZOQXjrFkT816RnFYJQR" ascii + $fp1 = " 10 and #timestamp > 10 +} rule SIGNATURE_BASE_Vssown_VBS { meta: @@ -296334,8 +296922,8 @@ rule SIGNATURE_BASE_Vssown_VBS date = "2015-10-01" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3065-L3082" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3065-L3082" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f49e9d7a07d591330e16fc539bd98d019b47dd8579d0f1ad92fa987790e64189" score = 75 quality = 85 @@ -296362,8 +296950,8 @@ rule SIGNATURE_BASE_Netview_Hacktool : FILE date = "2016-03-07" modified = "2025-04-14" reference = "https://github.com/mubix/netview" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3084-L3107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3084-L3107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "52cec98839c3b7d9608c865cfebc904b4feae0bada058c2e8cdbd561cfa1420a" logic_hash = "dc27d2358937d736823891c9d5c3f41f83a6f4e72d35fae0983435effda2141a" score = 60 
@@ -296395,8 +296983,8 @@ rule SIGNATURE_BASE_Netview_Hacktool_Output date = "2016-03-07" modified = "2025-04-14" reference = "https://github.com/mubix/netview" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3109-L3124" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3109-L3124" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "38a51e583b1485bdb29400cb9d0a73ec4d5387675779f949572d2b4d74da4230" score = 60 quality = 85 @@ -296420,8 +297008,8 @@ rule SIGNATURE_BASE_Psattack_EXE : FILE date = "2016-03-09" modified = "2023-01-06" reference = "https://github.com/gdssecurity/PSAttack/releases/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3135-L3155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3135-L3155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ad05d75640c850ee7eeee26422ba4f157be10a4e2d6dc6eaa19497d64cf23715" logic_hash = "b73566eb6370fbe68f0477d1179e5d6c19fb9be2c29f63d560c42adcdf19fe58" score = 100 
@@ -296448,8 +297036,8 @@ rule SIGNATURE_BASE_Powershell_Attack_Scripts date = "2016-03-09" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3157-L3172" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3157-L3172" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "42a52de089ee00e229499fea23b8acd0b7c881a9c578671aea180c0c018a54e0" score = 70 quality = 85 @@ -296474,8 +297062,8 @@ rule SIGNATURE_BASE_Psattack_ZIP : FILE date = "2016-03-09" modified = "2025-04-14" reference = "https://github.com/gdssecurity/PSAttack/releases/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3174-L3188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3174-L3188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3864f0d44f90404be0c571ceb6f95bbea6c527bbfb2ec4a2b4f7d92e982e15a2" logic_hash = "4c869e8663b8c87780d4be622f86b3887511e1ac3cfc67767f1c986af7d43767" score = 100 
@@ -296498,8 +297086,8 @@ rule SIGNATURE_BASE_Linux_Portscan_Shark_1 : FILE date = "2016-04-01" modified = "2025-04-14" reference = "Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3199-L3216" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3199-L3216" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e807ed6c83c8d908bfe29c65abd7b877b65655cc64cd1497fc124a2fd88cd1e9" score = 75 quality = 85 @@ -296526,8 +297114,8 @@ rule SIGNATURE_BASE_Linux_Portscan_Shark_2 date = "2016-04-01" modified = "2025-04-14" reference = "Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3218-L3235" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3218-L3235" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "45efbbe01c45065efc07e9c75b6a7cdcae469861f84df4a1e1381fe864f7ddc0" score = 75 quality = 85 
@@ -296554,8 +297142,8 @@ rule SIGNATURE_BASE_Dnscat2_Hacktool : FILE date = "2016-05-15" modified = "2025-04-14" reference = "https://downloads.skullsecurity.org/dnscat2/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3244-L3263" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3244-L3263" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c163a62b607323e08ca083a7091585550c830827728a8a60e25af8db6550ed1c" score = 75 quality = 85 @@ -296584,8 +297172,8 @@ rule SIGNATURE_BASE_WCE_In_Memory date = "2016-08-28" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3265-L3279" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3265-L3279" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "74ab7772db5b1de8a4eae03370e2be3cd35004730f84d472677688109a1d6d88" score = 80 quality = 85 
@@ -296608,8 +297196,8 @@ rule SIGNATURE_BASE_Pstgdump : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3281-L3299" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3281-L3299" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c4f8697b1b65007acc4fdabd1c6263a428448232f95dbb12d8f737297893157" score = 75 quality = 85 @@ -296637,8 +297225,8 @@ rule SIGNATURE_BASE_Lsremora : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3301-L3323" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3301-L3323" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ac8f6b7284307456749b3386340a2b3deb0718bc68875bc90bccf74a96469a59" score = 75 quality = 85 
@@ -296669,8 +297257,8 @@ rule SIGNATURE_BASE_Servpw : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3325-L3344" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3325-L3344" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "150466c23ea7aa20f6e60c592ab6bd2f42e3a48a65a6665b89a9f19fa61aae8f" score = 75 quality = 85 @@ -296699,8 +297287,8 @@ rule SIGNATURE_BASE_Fgexec : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3346-L3362" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3346-L3362" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3672255d7829520aa8ca792519f645b86fe4244a16652a960375f23baa7d32b3" score = 75 quality = 85 
@@ -296726,8 +297314,8 @@ rule SIGNATURE_BASE_Cachedump : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3364-L3384" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3364-L3384" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e4d710ed9dab12114e87fa33abe6db6245c780b31bcd94fbd21e75aaa355ca8" score = 75 quality = 85 @@ -296757,8 +297345,8 @@ rule SIGNATURE_BASE_Pwdump_B : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3386-L3406" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3386-L3406" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d50ad359b9433439cddda9408d227f35ee8de3280ad24f42c5e6ef1e6a1526bd" score = 75 quality = 85 
@@ -296787,8 +297375,8 @@ rule SIGNATURE_BASE_Msbuild_Mimikatz_Execution_Via_XML date = "2016-10-07" modified = "2025-04-14" reference = "https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8#file-katz-xml" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3417-L3436" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3417-L3436" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f926a2d5ab987b97c6ed2a89c69eac5549d8b7885bdbf75ce40e05e6ce6cfa7a" score = 75 quality = 85 @@ -296816,8 +297404,8 @@ rule SIGNATURE_BASE_Fscan_Portscanner : FILE date = "2017-01-06" modified = "2025-04-14" reference = "https://twitter.com/JamesHabben/status/817112447970480128" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3447-L3461" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3447-L3461" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "35770f040da0b14fe4492a44383e332c9912bd89943838627491196ce8f0ec37" score = 75 quality = 85 
@@ -296841,8 +297429,8 @@ rule SIGNATURE_BASE_WPR_Loader_EXE : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3473-L3493" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3473-L3493" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26af6fe1b3dfe8e3a48c03a9f6f2033fbc909a677d35159e28b7e9b867ea5542" score = 75 quality = 85 @@ -296872,8 +297460,8 @@ rule SIGNATURE_BASE_WPR_Loader_DLL : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3495-L3528" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3495-L3528" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "015334828007e954d1e910e6377b37bade99df2ce86152901ec4ded8c71975de" score = 75 quality = 85 
@@ -296909,8 +297497,8 @@ rule SIGNATURE_BASE_WPR_Passscape_Loader : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3530-L3548" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3530-L3548" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "79b1a3ed1ea0d9a3ddee0b8557393318a8baf4812110a6ed03a7106b8096b31e" score = 75 quality = 85 @@ -296938,8 +297526,8 @@ rule SIGNATURE_BASE_WPR_Asterisk_Hook_Library : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3550-L3572" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3550-L3572" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6bb75cb8c3ba18a34f4651532060154608c78e6f748148226da4416ad1171124" score = 75 quality = 85 
@@ -296971,8 +297559,8 @@ rule SIGNATURE_BASE_WPR_Windowspasswordrecovery_EXE : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3574-L3603" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3574-L3603" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f2995a8ba1644d384167221560aa0c3f074e8e2cf2b79bbb06537fcaed2df7f" score = 75 quality = 85 @@ -297003,8 +297591,8 @@ rule SIGNATURE_BASE_WPR_Windowspasswordrecovery_EXE_64 : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3605-L3622" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3605-L3622" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6cdd46609d401b7c12b936de7f64bab0bc45b9d2c6079fae45a96f5be6857b82" score = 75 quality = 85 
@@ -297030,8 +297618,8 @@ rule SIGNATURE_BASE_Beyondexec_Remoteaccess_Tool : FILE date = "2017-03-17" modified = "2025-04-14" reference = "https://goo.gl/BvYurS" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3634-L3652" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3634-L3652" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f21ddf04ab0d29549c3d07a45afb3e7648a15b0c81f88b8d7ccccc436ba4084" score = 75 quality = 85 @@ -297058,8 +297646,8 @@ rule SIGNATURE_BASE_Mimikatz_Gen_Strings : FILE date = "2017-06-19" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3654-L3676" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3654-L3676" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "371e74538a63cfe355ebd31e1ac73cd25e92f3a7ce3f9299e0f3406f2bcb5b01" score = 75 quality = 85 
@@ -297091,8 +297679,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Lpe : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3688-L3709" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3688-L3709" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "77d72792d7fcf2c54b36d124448e928f306981296715e583d346ccd101e22fc7" score = 75 quality = 85 @@ -297123,8 +297711,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Exploit : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3711-L3725" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3711-L3725" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "12a7a04fdc621242f42107204996e44b1962b5ac5eef4f9b9cbbe0ad52b85676" score = 75 quality = 85 
@@ -297148,8 +297736,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Injectdll : FILE date = "2017-07-07" modified = "2022-12-21" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3727-L3745" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3727-L3745" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b0a9bd4fa2d8a1192258b303cb757c8bbce7f6962a1d895f57add8a1c3887799" score = 75 quality = 85 @@ -297176,8 +297764,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Payload_MSI : FILE date = "2017-07-07" modified = "2022-12-21" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3747-L3763" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3747-L3763" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7dfc8d2bd871ad6acb7d362a946d34ed1830f42ab625c3d3d9cb512f28ccdb57" score = 75 quality = 85 
@@ -297202,8 +297790,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Injector : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3765-L3785" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3765-L3785" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "37ed19fe19d3645adcd5fa7d6f6b3572d2821fdb78a6d0c8afdba6ccecfc8528" score = 75 quality = 60 @@ -297233,8 +297821,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Lpe_2 : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3787-L3802" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3787-L3802" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9ca23e4375674ea189d5e9de015f6a1ae16c30d35378580bdc8f42007b716df" score = 75 quality = 85 
@@ -297259,8 +297847,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Shellcodegenerator : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3804-L3817" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3804-L3817" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b267a816871c30e9403805b942be25ed8e28ad2fd946f234f6877a65420754d8" score = 75 quality = 85 @@ -297283,8 +297871,8 @@ rule SIGNATURE_BASE_Securityxploded_Producer_String : FILE date = "2017-07-13" modified = "2025-04-14" reference = "http://securityxploded.com/browser-password-dump.php" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3819-L3833" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3819-L3833" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "101e0b8b8aeb8ed4314bc07139dcc2b40600fde82ff786d15a15c10692f9aa4a" score = 60 quality = 85 
@@ -297307,8 +297895,8 @@ rule SIGNATURE_BASE_Kekeo_Hacktool : FILE date = "2017-07-21" modified = "2025-04-14" reference = "https://github.com/gentilkiwi/kekeo/releases" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3845-L3860" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3845-L3860" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14283064e7c8fcee9cde206d25b43b02876a7a4d5de9da6dab47d7f5ba54f019" score = 75 quality = 85 @@ -297333,8 +297921,8 @@ rule SIGNATURE_BASE_Allthethings : FILE date = "2017-07-27" modified = "2022-12-21" reference = "https://github.com/subTee/AllTheThings" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3873-L3892" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3873-L3892" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d6b961afb98cfaefe930a7bc246b3f087469b752a8d4abb62b2826418fdfd53" score = 75 quality = 85 
@@ -297362,8 +297950,8 @@ rule SIGNATURE_BASE_Impacket_Keyword : FILE date = "2017-08-04" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3894-L3911" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3894-L3911" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "92a911dc36f8e74ad49ae09ef4dd997b968a2dde46a7500c98983fafb84a086e" score = 60 quality = 85 @@ -297389,8 +297977,8 @@ rule SIGNATURE_BASE_Passwordspro : FILE date = "2017-08-27" modified = "2025-04-14" reference = "PasswordPro" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3924-L3942" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3924-L3942" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "24887c3a7e4997c9a4e5d3317a5684b0eca7ccc0ffb213660dd9b37bb220f514" score = 75 quality = 85 
@@ -297416,8 +298004,8 @@ rule SIGNATURE_BASE_Passwordpro_NTLM_DLL : FILE date = "2017-08-27" modified = "2025-04-14" reference = "PasswordPro" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3944-L3962" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3944-L3962" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1021fe1a4c7a237d7a7cfcb1db8fa5e6fa640d3dd9f14ed37910a6b847717d36" score = 75 quality = 85 @@ -297441,8 +298029,8 @@ rule SIGNATURE_BASE_Keethief_PS : FILE date = "2017-08-29" modified = "2025-04-14" reference = "https://github.com/HarmJ0y/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3974-L3991" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3974-L3991" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8d3d4ff3b854c5efad99e6f20121b16d5f2f0a31a4c8efd87a937f857923a5e1" score = 75 quality = 85 
@@ -297466,8 +298054,8 @@ rule SIGNATURE_BASE_Keetheft_EXE : FILE date = "2017-08-29" modified = "2025-04-14" reference = "https://github.com/HarmJ0y/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L3993-L4012" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L3993-L4012" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a6019248ad9708b1508fdf77a2ecbe92a7e8aac916fbca88aec117abeb07b9a0" score = 75 quality = 85 @@ -297496,8 +298084,8 @@ rule SIGNATURE_BASE_Keetheft_Out_Shellcode : FILE date = "2017-08-29" modified = "2025-04-14" reference = "https://github.com/HarmJ0y/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4014-L4028" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4014-L4028" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d536edf1a40defc3b3aa7ce8e595c53e7dd3b7f1daea772c13319ee5bf7675e" score = 75 quality = 85 
@@ -297521,8 +298109,8 @@ rule SIGNATURE_BASE_Sharpire : FILE date = "2017-09-23" modified = "2022-12-21" reference = "https://github.com/0xbadjuju/Sharpire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4038-L4061" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4038-L4061" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1437b4c5229761bcc18d97ea6328866f4b9c763461fa6ecb5c18e6f3961c3114" score = 75 quality = 83 @@ -297553,8 +298141,8 @@ rule SIGNATURE_BASE_Invoke_Metasploit : FILE date = "2017-09-23" modified = "2025-04-14" reference = "https://github.com/jaredhaight/Invoke-MetasploitPayload/blob/master/Invoke-MetasploitPayload.ps1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4071-L4086" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4071-L4086" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ef174008517b101be844e30890626378f49a275bad3f08ce25fb8d6118c77c3" score = 75 quality = 85 
@@ -297579,8 +298167,8 @@ rule SIGNATURE_BASE_Powershell_Mal_Hacktool_Gen : FILE date = "2017-11-02" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4088-L4104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4088-L4104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "273222cde3ff155cef09c25192dcb4865179e8172e625fe8f43b21a13fe1a170" score = 75 quality = 85 @@ -297606,8 +298194,8 @@ rule SIGNATURE_BASE_Sig_Remoteadmin_1 : FILE date = "2017-12-03" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4106-L4120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4106-L4120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "81912bbfc1f6ac3ec7c54fc935b9ed531c97ad509cf2c096a19e638836cd0baf" score = 45 quality = 85 
@@ -297630,8 +298218,8 @@ rule SIGNATURE_BASE_Remcom_Remotecommandexecution date = "2017-12-28" modified = "2025-04-14" reference = "https://goo.gl/tezXZt" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4122-L4137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4122-L4137" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c39a09c8d0c1799febcb4d9eafece43f8b21e7ffc277fdfad6c235eb1a201697" score = 50 quality = 85 @@ -297655,8 +298243,8 @@ rule SIGNATURE_BASE_Crackmapexec_EXE : FILE date = "2018-04-06" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4139-L4155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4139-L4155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa05fa41d6aaed45a9b44806a310fdb584874f7eb382e576b36e6d1db87cef88" score = 85 quality = 85 
@@ -297682,8 +298270,8 @@ rule SIGNATURE_BASE_SUSP_Imphash_Passrevealer_PY_EXE : FILE date = "2018-04-06" modified = "2021-11-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4157-L4175" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4157-L4175" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "684e901eebf47e2bd8b25fd302963c2761376ce4754d74f9e6f1eb3024c89144" score = 40 quality = 85 @@ -297707,8 +298295,8 @@ rule SIGNATURE_BASE_MAL_Unknown_Pwdumper_Apr18_3 : FILE date = "2018-04-06" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4177-L4196" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4177-L4196" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf0dff02bdfa239336b2bc865f2a9aed6d20cafb059caa87a60aa30269dd94b5" score = 75 quality = 85 
@@ -297738,8 +298326,8 @@ rule SIGNATURE_BASE_Processinjector_Gen : HIGHVOL FILE date = "2018-04-23" modified = "2025-04-14" reference = "https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4198-L4219" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4198-L4219" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "90d200e79c97911b105e592549bc2c04fb09ce841413c30117d421b45bb9988c" score = 60 quality = 85 @@ -297766,8 +298354,8 @@ rule SIGNATURE_BASE_Lazagne_PW_Dumper date = "2018-03-22" modified = "2025-04-14" reference = "https://github.com/AlessandroZ/LaZagne/releases/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4221-L4235" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4221-L4235" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2eac81d5cecdaca7eeaa83be70a688a595f8bbf54679ee565ba325b9e384552b" score = 70 quality = 85 
@@ -297790,8 +298378,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Tclsh : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4237-L4249" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4237-L4249" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "622805e8067f5158d82783971dcf31e8db05f1d52a38bd1ec3e76ddbbd78032b" score = 65 quality = 85 @@ -297813,8 +298401,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Ruby : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4251-L4263" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4251-L4263" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa076540ef01d04117d3340f4d84c21f79acfc558ed4aa585d801b6a6bc797a2" score = 65 quality = 85 
@@ -297836,8 +298424,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Awk : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4265-L4278" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4265-L4278" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d676ffbd1ce083a1b8e34576125fb0805caef4423089cd72a92483467669b78" score = 65 quality = 85 @@ -297860,8 +298448,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Netcat_UDP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4280-L4293" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4280-L4293" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c85b1275ccf5bbc7f6e0ab0f1fa9d1bce7d56912411f84f9946163191c79576" score = 65 quality = 85 
@@ -297884,8 +298472,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Socat : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4295-L4308" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4295-L4308" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "48c06096b27be11ae12cc38294acb495b739101cabc04e89eb76e93fb42c52df" score = 65 quality = 85 @@ -297908,8 +298496,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Perl : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4310-L4323" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4310-L4323" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8f3c5920acdc080b437c15b93e192a00a5037be0323cc04473e238033b7d53ec" score = 75 quality = 85 
@@ -297932,8 +298520,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Python : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4325-L4337" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4325-L4337" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4c35bb739eeabf0de558ee1b97225ed4eb3198e7e6db1817348115b848146c7" score = 75 quality = 85 @@ -297955,8 +298543,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_PHP_TCP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4339-L4352" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4339-L4352" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8ffab71130b4fa6efbe9864f97c33fed9359f79d51b84e8f952c911f24d1496c" score = 75 quality = 85 
@@ -297979,8 +298567,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Powershell_TCP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4354-L4367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4354-L4367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8eb484ba87fa2e10af3c59445ccb4be73db2f5ae67c59118a2e188ba02fdc957" score = 75 quality = 85 @@ -298003,8 +298591,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_Shellcommand_May18_1 : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4369-L4382" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4369-L4382" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bc858d74b8aad09ff539489e961e1a51ba5fe17d3424615ffe5029587ddb9478" score = 65 quality = 85 
@@ -298026,8 +298614,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Telnet_TCP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4384-L4397" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4384-L4397" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e900fb8c0f1fa61f242b97ac542cb1bfd691dd50523e0023e97e3b21617053d7" score = 75 quality = 85 @@ -298050,8 +298638,8 @@ rule SIGNATURE_BASE_SUSP_Shellpop_Bash date = "2018-05-18" modified = "2025-04-11" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4399-L4416" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4399-L4416" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a557822eaaad84897acc32935f7545deb17ea3b8c6e34acd0ac5ef9fad08cb1e" score = 70 quality = 85 
@@ -298075,8 +298663,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Netcat : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4418-L4433" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4418-L4433" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2c61da27d4bc455a9f2555fcc1c5cce7cead226a5900eeed1aaf622616051b79" score = 75 quality = 85 @@ -298101,8 +298689,8 @@ rule SIGNATURE_BASE_HKTL_Berootexe : FILE date = "2018-07-25" modified = "2025-04-14" reference = "https://github.com/AlessandroZ/BeRoot/tree/master/Windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4436-L4452" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4436-L4452" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8e10fddd3b3eb5e5200d9ed0bcb23961d196d9e1de03ebf03a96374ee02a9097" score = 75 quality = 85 
@@ -298126,8 +298714,8 @@ rule SIGNATURE_BASE_HKTL_Berootexe_Output : FILE date = "2018-07-25" modified = "2025-04-14" reference = "https://github.com/AlessandroZ/BeRoot/tree/master/Windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4454-L4468" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4454-L4468" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7886535d071092df76507f0dd431409e85c368d404f49e7f118278f6565618e6" score = 75 quality = 85 @@ -298151,8 +298739,8 @@ rule SIGNATURE_BASE_HKTL_Embeddedpdf : FILE date = "2018-07-25" modified = "2025-04-14" reference = "https://twitter.com/infosecn1nja/status/1021399595899731968?s=12" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4470-L4487" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4470-L4487" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "041580406e2a7c644d713d8fbf7fccb81664ff536e62df26b3c0f331409fb993" score = 75 quality = 85 
@@ -298176,8 +298764,8 @@ rule SIGNATURE_BASE_HTKL_Blackbone_Driverinjector : FILE date = "2018-09-11" modified = "2025-04-14" reference = "https://github.com/DarthTon/Blackbone" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4489-L4515" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4489-L4515" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d6a5f02a465ea46892e1de54a3482aace387ab0d2cdb949e263ce63f4f9edbb7" score = 60 quality = 85 @@ -298211,8 +298799,8 @@ rule SIGNATURE_BASE_HKTL_Sqlmap : FILE date = "2018-10-09" modified = "2025-04-14" reference = "https://github.com/sqlmapproject/sqlmap" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4517-L4530" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4517-L4530" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9aa13bc2db40f5ab3debd617c84b1e11805d137bc55e9088bc9a0c23e185dfce" score = 75 quality = 85 
@@ -298235,8 +298823,8 @@ rule SIGNATURE_BASE_HKTL_Sqlmap_Backdoor : FILE date = "2018-10-09" modified = "2025-04-14" reference = "https://github.com/sqlmapproject/sqlmap" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4532-L4548" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4532-L4548" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e09135e3908442d873511b7b75c8475b2345a28f3bad41a242d6fc5a3b7c002" score = 75 quality = 85 @@ -298254,8 +298842,8 @@ rule SIGNATURE_BASE_HKTL_Lazagne_Passworddumper_Dec18_1 : FILE date = "2018-12-11" modified = "2025-04-14" reference = "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4550-L4570" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4550-L4570" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "887c8e91942076395dc7575d5cbd926e7e0971a759daf719983dd918d9babad3" score = 85 quality = 85 
@@ -298284,8 +298872,8 @@ rule SIGNATURE_BASE_HKTL_Lazagne_Gen_18 date = "2018-12-11" modified = "2025-04-14" reference = "https://creativecommons.org/licenses/by-nc/4.0/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4572-L4589" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4572-L4589" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f3e895080267a551a3b7a0ba2d4207b31befacbd35d1e6941e1b69d7e2689ce" score = 80 quality = 85 @@ -298310,8 +298898,8 @@ rule SIGNATURE_BASE_HKTL_Nopowershell date = "2018-12-28" modified = "2022-12-21" reference = "https://github.com/bitsadmin/nopowershell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4591-L4608" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4591-L4608" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2207af9fcc61d547dfeff347a1eae2c59024a7270d1b8cbb7abef56d80864728" score = 75 quality = 85 
@@ -298337,8 +298925,8 @@ rule SIGNATURE_BASE_HKTL_Htran_Go : FILE date = "2019-01-09" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4609-L4622" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4609-L4622" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "444fe8ce2fdb67c982de26a10882d2cfebc4d2de6c4b4ba6ee10cf39130f1cc5" score = 75 quality = 85 @@ -298362,11 +298950,11 @@ rule SIGNATURE_BASE_SUSP_Katz_PDB : FILE date = "2019-02-04" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4624-L4637" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4624-L4637" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a38f63d8e8baa9bc8f34c1886fc2aaea7f61d5e09792ba9cde4cf6ed8441fab" score = 65 - quality = 60 + quality = 85 tags = "FILE" hash1 = "6888ce8116c721e7b2fc3d7d594666784cf38a942808f35e309a48e536d8e305" 
@@ -298386,8 +298974,8 @@ rule SIGNATURE_BASE_HKTL_LNX_Pnscan : FILE date = "2019-05-27" modified = "2025-04-14" reference = "https://github.com/ptrrkssn/pnscan" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4639-L4652" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4639-L4652" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46a064f9df9d0a0f3fad4ec7be70b1e42074e5e117f7403d8239bc725590f268" score = 55 quality = 85 @@ -298409,8 +298997,8 @@ rule SIGNATURE_BASE_Paexec : FILE date = "2017-03-27" modified = "2025-04-14" reference = "http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4654-L4674" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4654-L4674" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "30478d90756a9ea362c40236518fe9013e5e5683641b7e7e1ad33aa3b5587e04" score = 40 quality = 85 
@@ -298439,8 +299027,8 @@ rule SIGNATURE_BASE_HKTL_Domainpasswordspray : FILE date = "2023-01-13" modified = "2025-04-14" reference = "https://github.com/dafthack/DomainPasswordSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4676-L4691" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4676-L4691" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa20bf139eff36100624771fe7617c214337ae5ab2e2746143bd8e6cc1b05b4e" score = 60 quality = 85 @@ -298463,8 +299051,8 @@ rule SIGNATURE_BASE_HKTL_Rusthound : FILE date = "2023-03-30" modified = "2025-04-14" reference = "https://github.com/OPENCYBER-FR/RustHound" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-hacktools.yar#L4693-L4720" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-hacktools.yar#L4693-L4720" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "409f61a34d9771643246f401a9670f6f7dcced9df50cbd89a2e1a5c9ba8d03ab" hash = "b1a58a9c94b1df97a243e6c3fc2d04ffd92bc802edc7d8e738573b394be331a9" hash = "170f4a48911f3ebef674aade05184ea0a6b1f6b089bcffd658e95b9905423365" 
@@ -298497,8 +299085,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_1 : FILE date = "2018-10-17" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_greyenergy.yar#L12-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_greyenergy.yar#L12-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0cbdc156b7080608c1071feeb4826a70bb259c55139d74d019465c4bb5244260" score = 75 quality = 85 @@ -298523,8 +299111,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_2 : FILE date = "2018-10-17" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_greyenergy.yar#L31-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_greyenergy.yar#L31-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "600bc5b423ef3281bfc7ad7ab479aa1208b0144b0f4afd8c2d14f17b5e2c600b" score = 75 quality = 85 
@@ -298547,8 +299135,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_3 : FILE date = "2018-10-17" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_greyenergy.yar#L46-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_greyenergy.yar#L46-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f4851f5381a4d8dea488d50ff11048052826c51428f8610bc5d3480ed254d32f" score = 75 quality = 85 @@ -298573,8 +299161,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_4 : FILE date = "2018-10-17" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_greyenergy.yar#L62-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_greyenergy.yar#L62-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c845be8b56dc9aa9f0eaec2a67c4baef9c9b4fd1789e96cd781e3876721b1297" score = 75 quality = 85 
@@ -298601,8 +299189,8 @@ rule SIGNATURE_BASE_APT_Greyenergy_Malware_Oct18_5 : FILE date = "2018-10-17" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_greyenergy.yar#L84-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_greyenergy.yar#L84-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3ced67c514d54324b41a4a4a92c1d3138e75380f3129b39ae92c1895c267acb2" score = 75 quality = 85 @@ -298625,8 +299213,8 @@ rule SIGNATURE_BASE_EXPL_Shitrix_Exploit_Code_Jan20_1 : FILE CVE_2019_19781 date = "2020-01-13" modified = "2023-12-05" reference = "https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_shitrix.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_shitrix.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "00687b30235be5ef3c00432b5b96bbc325dee553e7c0cb565d6f389b1bce12de" score = 70 quality = 85 
@@ -298661,11 +299249,11 @@ rule SIGNATURE_BASE_EXPL_CVE_2024_21413_Microsoft_Outlook_RCE_Feb24 : CVE_2024_2 date = "2024-02-17" modified = "2024-02-19" reference = "https://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_outlook_cve_2024_21413.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_outlook_cve_2024_21413.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "06cfafe0b92949e493dca6d54f671d0607242d97341144b69f563a0cc24dc6a1" score = 75 - quality = 60 + quality = 85 tags = "CVE-2024-21413, FILE" strings: @@ -298685,8 +299273,8 @@ rule SIGNATURE_BASE_Irongate_APT_Step7Prosim_Gen : FILE date = "2016-06-04" modified = "2023-12-05" reference = "https://goo.gl/Mr6M2J" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irongate.yar#L10-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irongate.yar#L10-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aab41ada32a8186f958baccad08b60ac1ab686f7561d4dd4471a1e88ddd53730" score = 90 quality = 85 
@@ -298723,8 +299311,8 @@ rule SIGNATURE_BASE_Irongate_Pyinstaller_Update_EXE : FILE date = "2016-06-04" modified = "2023-01-06" reference = "https://goo.gl/Mr6M2J" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irongate.yar#L42-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irongate.yar#L42-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b55e02af900b3510743502bd72d5e14c9235985b5a7b05def0f5c462b28f2216" score = 60 quality = 85 @@ -298752,8 +299340,8 @@ rule SIGNATURE_BASE_Nirsoft_Netresview : FILE date = "2016-06-04" modified = "2023-12-05" reference = "https://goo.gl/Mr6M2J" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irongate.yar#L67-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irongate.yar#L67-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "56c3c7a98bcefa609ee604ea0d7d3f4dd237d91a9439eeed66e0d6f3a20dfdd0" score = 40 quality = 85 
@@ -298777,8 +299365,8 @@ rule SIGNATURE_BASE_APT_MAL_BKA_Goldenspy_Aug20_1 : FILE date = "2020-08-21" modified = "2023-12-05" reference = "https://www.bka.de/SharedDocs/Kurzmeldungen/DE/Warnhinweise/200821_Cyberspionage.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_goldenspy.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_goldenspy.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ba81a2b081842aaf06bbf623640a87946894df83fd0d7b7149c48afa8ed0a081" score = 75 quality = 85 @@ -298806,8 +299394,8 @@ rule SIGNATURE_BASE_Recon_Commands_Windows_Gen1 : FILE date = "2017-07-10" modified = "2023-12-05" reference = "https://goo.gl/MSJCxP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_recon_indicators.yar#L12-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_recon_indicators.yar#L12-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36beb09c428949140cb007c1022c385c9a1ae4eea8c1f1a419f96b36b8030c7c" score = 60 quality = 85 
@@ -298851,8 +299439,8 @@ rule SIGNATURE_BASE_SUSP_Recon_Outputs_Jun20_1 : FILE date = "2020-06-04" modified = "2023-12-05" reference = "https://securelist.com/cycldek-bridging-the-air-gap/97157/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_recon_indicators.yar#L52-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_recon_indicators.yar#L52-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "652b28bfb45a11eaaee198c76560c1f55edc5b32c5394e606bb5426551260f24" score = 60 quality = 85 @@ -298877,8 +299465,8 @@ rule SIGNATURE_BASE_SUSP_TINY_PE : FILE date = "2019-10-23" modified = "2023-12-05" reference = "https://webserver2.tecgraf.puc-rio.br/~ismael/Cursos/YC++/apostilas/win32_xcoff_pe/tyne-example/Tiny%20PE.htm" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_file_anomalies.yar#L3-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_file_anomalies.yar#L3-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5eabfa8e0fd4d6d1376d263484fba985e7a4b05d68046be1f79c1dfdbbfff9e5" score = 80 quality = 85 
@@ -298899,8 +299487,8 @@ rule SIGNATURE_BASE_SUSP_GIF_Anomalies : FILE date = "2020-07-02" modified = "2023-12-05" reference = "https://en.wikipedia.org/wiki/GIF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_file_anomalies.yar#L17-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_file_anomalies.yar#L17-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64d17c8de72600cd889a802fd002faaaf9a3a17f7fa157ae5b2b620b28e6c439" score = 60 quality = 85 @@ -298919,8 +299507,8 @@ rule SIGNATURE_BASE_SUSP_Hxd_Icon_Anomaly_May23_1 : FILE date = "2023-05-29" modified = "2023-12-05" reference = "https://www.linkedin.com/feed/update/urn:li:activity:7068631930040188929/?utm_source=share&utm_medium=member_ios" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_file_anomalies.yar#L32-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_file_anomalies.yar#L32-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a328687ac8b868fb78a49188b286a8951c6043a7ff6ff0c7a23c3f9b3ef15eb2" score = 65 quality = 85 
@@ -298960,8 +299548,8 @@ rule SIGNATURE_BASE_SUSP_Qakbot_Uninstaller_Shellcode_Aug23 date = "2023-08-30" modified = "2023-12-05" reference = "https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_qakbot_uninstaller.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_qakbot_uninstaller.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "91d26c50bf29517aa68e709ca3b6f32f4ca390f4c2f48e48cd251bfdd5dbcc71" score = 60 quality = 85 @@ -298982,8 +299570,8 @@ rule SIGNATURE_BASE_SUSP_Qakbot_Uninstaller_FBI_Aug23 date = "2023-08-31" modified = "2023-12-05" reference = "https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_qakbot_uninstaller.yar#L16-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_qakbot_uninstaller.yar#L16-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0ce963190502709edec9434e6a64cb9db7c5553113b686afc56a516350d76baa" score = 60 quality = 85 
@@ -299010,8 +299598,8 @@ rule SIGNATURE_BASE_CN_Tools_Xbat : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a7005acda381a09803b860f04d4cae3fdb65d594" logic_hash = "c6dae76bbda7b43eef348c61e1330405923baf724f1aa5d2b51132dde89248fe" score = 75 @@ -299035,8 +299623,8 @@ rule SIGNATURE_BASE_CN_Tools_Temp : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L26-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L26-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c3327ef63b0ed64c4906e9940ef877c76ebaff58" logic_hash = "05fd1cb3f7c8b96ccf824013c130a0b21f43724463f8658e23239d009be7f4fe" score = 75 
@@ -299062,8 +299650,8 @@ rule SIGNATURE_BASE_CN_Tools_Srss : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L44-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L44-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "092ab0797947692a247fe80b100fb4df0f9c37a0" logic_hash = "e01fd60adc32be26b0940ecc127a17bfcfe2ebfcf6cefea76ba6adc61d3c18d4" score = 75 @@ -299087,8 +299675,8 @@ rule SIGNATURE_BASE_Dll_Unreg : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L60-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L60-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d5e24ba86781c332d0c99dea62f42b14e893d17e" logic_hash = "0e534e475a5b4338aa53bea09325dd63a3d451a13b46a70b5208cabd2deecabe" score = 75 
@@ -299112,8 +299700,8 @@ rule SIGNATURE_BASE_Dll_Reg : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L76-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L76-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cb8a92fe256a3e5b869f9564ecd1aa9c5c886e3f" logic_hash = "db2032d5689f9fcfc446d5ebe8a6d28c6dbd8bcd1d93769ec969d76f8add4f9d" score = 75 @@ -299137,8 +299725,8 @@ rule SIGNATURE_BASE_Sbin_Squid : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L92-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L92-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8b795a8085c3e6f3d764ebcfe6d59e26fdb91969" logic_hash = "c440bcfda55f926354ea5e462fe1e6a0e9e9585bb1c1539c0aa0588405a46105" score = 75 
@@ -299164,8 +299752,8 @@ rule SIGNATURE_BASE_Sql1433_Creck : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L110-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L110-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "189c11a3b268789a3fbcfac3bd4e03cbfde87b1d" logic_hash = "2d9ff5f130d625450e7de41832695839f0427a6186569280a224f20e89fe1d8a" score = 75 @@ -299190,8 +299778,8 @@ rule SIGNATURE_BASE_Sql1433_Start : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktool_scripts.yar#L127-L145" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktool_scripts.yar#L127-L145" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bd4be10f4c3a982647b2da1a8fb2e19de34eaf01" logic_hash = "b7dfc2b04e838fa3a71487287a50e183443eb62b69cd23494294f231b43baf2f" score = 75 
@@ -299219,8 +299807,8 @@ rule SIGNATURE_BASE_POSHSPY_Malware date = "2017-07-15" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poshspy.yar#L11-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poshspy.yar#L11-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e1f8b502950d2f7600041b5492f529682b9f5f2863c36ad40618b5ed78a94567" score = 75 quality = 85 @@ -299247,8 +299835,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharpsetthreadcontext : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/djhohnstein/CSharpSetThreadContext" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L6-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L6-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1fab70ce4bb1a00d8e8155ce7d859aa2f8d193dd40378a8fff0fdfb1c94f9a76" score = 75 quality = 85 
@@ -299271,8 +299859,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_DLL_Injection : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ihack4falafel/DLL-Injection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L22-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L22-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a9ad0c7a68602214cf31d9b065b9b2c5f7eb616bcec0f3428e958c0f762282b2" score = 75 quality = 85 @@ -299294,8 +299882,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Limeusb_Csharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/LimeUSB-Csharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L37-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L37-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd5b12c43046e56ebef78104fd7a9389476686bd4adca4964fc8b559432ae236" score = 75 quality = 85 
@@ -299317,8 +299905,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ladon : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/k8gege/Ladon" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L52-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L52-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a2c6d3bb2964847aaff4828bbd7b75301e287bcff3f27324bc7767c0f73820f" score = 75 quality = 85 @@ -299340,8 +299928,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Whitelistevasion : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/khr0x40sh/WhiteListEvasion" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L67-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L67-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "38838b45c3c7359e49f890f5f7608e5a6026421e83b0ef7371c8558c571395a6" score = 75 quality = 85 
@@ -299363,8 +299951,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Downloader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-Downloader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L82-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L82-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8086f6be648bcb5535b98aafc5fd898dc975273eec3c19a54263f74bb7c0f629" score = 75 quality = 85 @@ -299386,8 +299974,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Darkeye : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/K1ngSoul/DarkEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L97-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L97-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7571ed93fd3ea690549ab35682b0073e1c2b9ac57e36394d35794aba7c50b79e" score = 75 quality = 85 
@@ -299409,8 +299997,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpkatz : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/b4rtik/SharpKatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L112-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L112-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8899192a8006bb31ce4277fc371a30b301ffc1a42030ca3a4059a2b53c889bae" score = 75 quality = 85 @@ -299432,8 +300020,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Externalc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ryhanson/ExternalC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L127-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L127-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "81042972411ab82da8460f9e263614f563bc67e3ce585f1a955b565b066ee8c9" score = 75 quality = 85 
@@ -299456,8 +300044,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Povlsomware : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/povlteksttv/Povlsomware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L143-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L143-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f8e246080ffcaa73ad727d2d9a1f2b75f2d413b49dff0c3b50831a41e1f14a2f" score = 75 quality = 85 @@ -299479,8 +300067,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Runshellcode : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/zerosum0x0/RunShellcode" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L158-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L158-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5df20e170651f32e41a905992d0bb52542638e2d0a56841db900b70e324c9afe" score = 75 quality = 85 
@@ -299502,8 +300090,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharploginprompt : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/shantanu561993/SharpLoginPrompt" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L173-L186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L173-L186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e8abbc67d568956bf98e733b1e98910d0501225d4a0dc0bec6be9b572fcc2b36" score = 75 quality = 85 @@ -299525,8 +300113,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adamantium_Thief : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/LimerBoy/Adamantium-Thief" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L188-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L188-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "37303dd37952d08ca2f85d03b4a9a8d52a3c55870e1350bca7ac84749942dfd8" score = 75 quality = 85 
@@ -299548,8 +300136,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Psbypassclm : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/padovah4ck/PSByPassCLM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L203-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L203-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2646ff961b5fc94035fae0b7e5afedc054dfcfe710701dbf9ba17674c2bb6c8" score = 75 quality = 85 @@ -299571,8 +300159,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Physmem2Profit : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/physmem2profit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L218-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L218-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "57e6159bc047c372bb7fa9ac0f77183fe06fe3f41b83039f8b0185f2743cc774" score = 75 quality = 85 
@@ -299594,8 +300182,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Noamci : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/med0x2e/NoAmci" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L233-L246" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L233-L246" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d934503bab7318930f958b1818037f00d3d5be7f5f89f3b519c5072bb4fee03" score = 75 quality = 85 @@ -299617,8 +300205,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpblock : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/CCob/SharpBlock" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L248-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L248-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7bc689efc6f89ac685f1066da4e9735a0e2b985008679c51e14664cebdaebe4a" score = 75 quality = 85 
@@ -299640,8 +300228,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nopowershell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/bitsadmin/nopowershell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L263-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L263-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e4088d451cdc939608fb82f0259d3b60ce8247dfd2f76de839681c9e3d60414" score = 75 quality = 85 @@ -299663,8 +300251,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Limelogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/LimeLogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L278-L291" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L278-L291" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "58588726f5f548b9aa948eac6d752404aa43fed18ccd4340422a652b9b061c9b" score = 75 quality = 85 
@@ -299686,8 +300274,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aggressorscripts : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/harleyQu1nn/AggressorScripts" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L293-L306" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L293-L306" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5d84b6dea0290b901f1d911f341a2b15ab42cf9197775d9bb2f613f4baeb69d" score = 75 quality = 85 @@ -299709,8 +300297,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gopher : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/EncodeGroup/Gopher" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L308-L321" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L308-L321" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "430727d064ae07a4ca4411ee78fe74c684ce21d287283467c1afb9795545003e" score = 75 quality = 85 
@@ -299732,8 +300320,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aviator : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Ch0pin/AVIator" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L323-L336" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L323-L336" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9101444f7d9306058a42b0325fefc0a088d1669932e4a6ba23b387829f01a097" score = 75 quality = 85 @@ -299755,8 +300343,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Njcrypter : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0xPh0enix/njCrypter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L338-L352" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L338-L352" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2e3c616b75e15ad082cf0871b7ef8e04f0c2a937000f4bea6927962451ac7f12" score = 75 quality = 85 
@@ -299779,8 +300367,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpminidump : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/b4rtik/SharpMiniDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L354-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L354-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eea9a60c5d0acb1ffa7cbfec59f2a3f7f29b507fba2c3694480627c583d24c97" score = 75 quality = 85 @@ -299802,8 +300390,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Cinarat : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/wearelegal/CinaRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L369-L383" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L369-L383" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d3e006450f3bd35d9d8b0d5c74470f555917d8b3583285ac3ac925ce2a83972b" score = 75 quality = 85 
@@ -299826,8 +300414,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Toxiceye : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/LimerBoy/ToxicEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L385-L398" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L385-L398" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "58070408e4c08d20a3f37a2bf59f4b125ef4608e9ee3e7ed5fe1e26ad51b6c88" score = 75 quality = 85 @@ -299849,8 +300437,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Disable_Windows_Defender : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Disable-Windows-Defender" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L400-L413" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L400-L413" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "65cc86433a3c4cb22ad54065b90010a0f3eb18ad8791c45343d103deea880195" score = 75 quality = 85 
@@ -299872,8 +300460,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvoke_Poc : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/dtrizna/DInvoke_PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L415-L428" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L415-L428" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51299abecf7244d150e7c148b5896cd64bcf5817a9a962013d6a986891bd321f" score = 75 quality = 85 @@ -299895,8 +300483,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Reverseshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/chango77747/ReverseShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L430-L444" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L430-L444" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cf8220444b6ffe810451e4754f8561e80acd99f8b5fbb013e8eef488b3c4243e" score = 75 quality = 85 
@@ -299919,8 +300507,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SharpC2/SharpC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L446-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L446-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5439cbe057d5735e3d35ac01966fc65ca0727e1c1c353564d38d1c20bb04484a" score = 75 quality = 85 @@ -299947,8 +300535,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sneakyexec : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/HackingThings/SneakyExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L466-L479" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L466-L479" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb2d505666c4395c9e43607468332c7559807d4da063eb69b31638f2520fee0e" score = 75 quality = 85 
@@ -299970,8 +300558,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Urbanbishoplocal : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/slyd0g/UrbanBishopLocal" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L481-L494" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L481-L494" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd0ded2fbfbf0fb8c53928e3f1bc4425bfa6112b92b609f421d517f931814faa" score = 75 quality = 85 @@ -299993,8 +300581,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cobbr/SharpShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L496-L510" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L496-L510" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9d49e6a85514fb47bd6875372cbbc8fc1d30e8572ce6e5caa594da07f58d4c06" score = 75 quality = 85 
@@ -300017,8 +300605,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evilwmiprovider : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/sunnyc7/EvilWMIProvider" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L512-L525" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L512-L525" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "431aa788d1cd192803ad7a5cc66ea48b7a83d47e009c42280e3e77c6ffb8662c" score = 75 quality = 85 @@ -300040,8 +300628,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gadgettojscript : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/med0x2e/GadgetToJScript" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L527-L541" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L527-L541" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b072024bc927eaff8bb81bc660dd55a126f9b78e5db591042137b59647631544" score = 75 quality = 85 
@@ -300064,8 +300652,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Azurecli_Extractor : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0x09AL/AzureCLI-Extractor" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L543-L556" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L543-L556" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6c55a291ba3475a7c7faa2a0152c04b01066a3b3569a5fb052c092b08a8e75ae" score = 75 quality = 85 @@ -300087,8 +300675,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_UAC_Escaper : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/UAC-Escaper" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L558-L571" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L558-L571" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8b7315970124c7997ca7d7d21e6c26ac9c905cdbc1ee009f7800b6bc98f9c3d4" score = 75 quality = 85 
@@ -300110,8 +300698,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Httpsbeaconshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/limbenjamin/HTTPSBeaconShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L573-L586" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L573-L586" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4e51832b9a5f7b82da2f11bcb34664b0a8d0308b0e823436f4339233c07213b3" score = 75 quality = 85 @@ -300133,8 +300721,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Amsiscanbufferbypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/AmsiScanBufferBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L588-L601" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L588-L601" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "227b9878e11d1e14aa216cc9d46364cff727b1443f4c18f083971be8dd5e603c" score = 75 quality = 85 
@@ -300156,8 +300744,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellcodeloader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Hzllaga/ShellcodeLoader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L603-L616" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L603-L616" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3461e21a0a0661be9830023d56ecdd0434ab9f32328118ad87b2216061851127" score = 75 quality = 85 @@ -300179,8 +300767,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keystrokeapi : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/fabriciorissetto/KeystrokeAPI" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L618-L632" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L618-L632" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36690992d1e5f3df52ad3a3fc218335ee78ce5e1bf7433fa769c8ee618f00b9e" score = 75 quality = 85 
@@ -300203,8 +300791,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellcoderunner : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/antman1p/ShellCodeRunner" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L634-L648" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L634-L648" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fecb1562fe42fa512ab3dd932019fa9ba2c09d574e909361c3af9e190cd5db17" score = 75 quality = 85 @@ -300227,8 +300815,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensivecsharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/diljith369/OffensiveCSharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L650-L674" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L650-L674" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64beb345845aeb7083a2c35d94fa433e95dd810b82c0cf392dd5e3de3bb5b110" score = 75 quality = 85 
@@ -300261,8 +300849,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_SHAPESHIFTER : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/matterpreter/SHAPESHIFTER" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L676-L689" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L676-L689" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87804b4f657dd838e969e41320d08455470611688f1624632df03868d204490d" score = 75 quality = 85 @@ -300284,8 +300872,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evasor : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cyberark/Evasor" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L691-L704" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L691-L704" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "883dcb8214c036d4a81ee09f97f206f19f24c6a6526437ba61145cb01cb2b1ba" score = 75 quality = 85 
@@ -300307,8 +300895,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stracciatella : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mgeeky/Stracciatella" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L706-L719" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L706-L719" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ca28e325cd98f2c9793c434dfd57404e17ed80e57023095d877993a01ee718ee" score = 75 quality = 85 @@ -300330,8 +300918,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Logger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/xxczaki/logger" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L721-L734" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L721-L734" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf77dcb7fccad566e998df42e9a8248a117a8636500b80fe885d756cfa999f37" score = 75 quality = 85 
@@ -300353,8 +300941,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Internal_Monologue : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/eladshamir/Internal-Monologue" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L736-L750" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L736-L750" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "983273ebcba36e8a22d5bda8bdbba0e1fb31fb128a76a7b39aa012bc83873aff" score = 75 quality = 85 @@ -300377,8 +300965,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_GRAT2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/r3nhat/GRAT2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L752-L765" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L752-L765" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "535f24d46b317dc5c74779931deb92dd922a79cba4f48588763a3d717bbdec82" score = 75 quality = 85 
@@ -300400,8 +300988,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Powershdll : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/p3nt4/PowerShdll" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L767-L780" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L767-L780" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c2b4a2e3008605c35296d2064d4ab3dbb62230db57d1756f0c11e47a303c007" score = 75 quality = 85 @@ -300423,8 +301011,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharpamsibypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/WayneJLee/CsharpAmsiBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L782-L795" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L782-L795" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "65daf297f51dd75ed3616504df96aea9b7a61aebd5a3b43c208f1709daedc193" score = 75 quality = 85 
@@ -300446,8 +301034,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hastyseries : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/obscuritylabs/HastySeries" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L797-L819" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L797-L819" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4987c7afbf339a6a21634eb4647a0b09bfa149d330b7fb2aea2467a25e629c62" score = 75 quality = 85 @@ -300478,8 +301066,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dreamprotectorfree : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Paskowsky/DreamProtectorFree" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L821-L834" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L821-L834" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bd8a6373695b9ab69fdf9e7f4a65c2db4e7a5f6f04f6d308ec352322a396aa44" score = 75 quality = 85 
@@ -300501,8 +301089,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Redsharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/padovah4ck/RedSharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L836-L849" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L836-L849" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b751bedba84e8fc253686a7acd33e46a96140f2903f99ce1df6b4932d475bf30" score = 75 quality = 85 @@ -300524,8 +301112,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_ESC : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NetSPI/ESC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L851-L865" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L851-L865" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a8244145b25260912c8b1d2968fe33fb8497762a6d8f2bbb88a734346990d55" score = 75 quality = 85 
@@ -300548,8 +301136,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharp_Loader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Csharp-Loader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L867-L880" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L867-L880" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa1a176ce3dbf6ae43d921822d2ab1689a4bf74077fa2a9aa72534ab3cfa3ecc" score = 75 quality = 85 @@ -300571,8 +301159,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Bantam : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/gellin/bantam" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L882-L895" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L882-L895" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2dce37cd31fa359658519bd50fbb335fc6fd82af5e78a4d86d173d3628e0951f" score = 75 quality = 85 
@@ -300594,8 +301182,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharptask : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpTask" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L897-L910" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L897-L910" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c3f4ddf4ea9389e01611880a47f2a199938e9a5e0f05df4e7f772f7a9acedc61" score = 75 quality = 85 @@ -300617,8 +301205,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsplague : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/RITRedteam/WindowsPlague" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L912-L925" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L912-L925" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "01ad0621f2bb129fd963093b65cd054bc2a2e185f21041c779b02b1e63475a1c" score = 75 quality = 85 
@@ -300640,8 +301228,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Misc_Csharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jnqpblc/Misc-CSharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L927-L941" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L927-L941" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "32893d4396842c3df3756d7090a1e86bf73c5ad2476aab5d6c53db8bdae9c31a" score = 75 quality = 85 @@ -300664,8 +301252,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpspray : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L943-L956" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L943-L956" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "15ad567589656894f0da6ee56c26f48868936db015d0b41c04ccd6fd56f5753e" score = 75 quality = 85 
@@ -300687,8 +301275,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Obfuscator : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/3xpl01tc0d3r/Obfuscator" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L958-L971" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L958-L971" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "523ce9e83bd6cd7152d86fe77a441a3f721d79f8df45c4041e47cae4b15673d5" score = 75 quality = 85 @@ -300710,8 +301298,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Safetykatz : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/SafetyKatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L973-L986" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L973-L986" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "08b1e8ee951140dc6ac07f2646e0bf84bb22bea9948d231e1ba8d4cf0a28a2e8" score = 75 quality = 85 
@@ -300733,8 +301321,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dropless_Malware : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Dropless-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L988-L1001" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L988-L1001" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "833b7758aea58d3065c2c3153f0ab21b7b6a54f7e7083655f2a52c2861080f7d" score = 75 quality = 85 @@ -300756,8 +301344,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_UAC_Silentclean : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/EncodeGroup/UAC-SilentClean" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1003-L1016" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1003-L1016" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "32d331148578923e7f5017ce874f9daa234a759ea5a87cbddc1e111834acf920" score = 75 quality = 85 
@@ -300779,8 +301367,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Desktopgrabber : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/DesktopGrabber" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1018-L1031" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1018-L1031" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1937fa6b9e5af3c12a2eef6356aed2c93e6534db492ebc7a8955c4cac240a840" score = 75 quality = 85 @@ -300802,8 +301390,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wsmanager : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/guillaC/wsManager" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1033-L1046" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1033-L1046" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbcdcf8c4895263b881f45f54df01b6a6a3d76cf1be195475217ccffa9eedfed" score = 75 quality = 85 
@@ -300825,8 +301413,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Uglyexe : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/fashionproof/UglyEXe" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1048-L1061" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1048-L1061" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "caf7c8ae7060822e0014710e521020e5d502eedb505165374b7600b11dea7bad" score = 75 quality = 85 @@ -300848,8 +301436,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdump : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/SharpDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1063-L1076" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1063-L1076" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "95217122df1b56132e7774c10c0e993d914cdf8e2463f949cfbab59cb0d99ca4" score = 75 quality = 85 
@@ -300871,8 +301459,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Educationalrat : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/securesean/EducationalRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1078-L1091" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1078-L1091" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c46fee5ff948537fb1defe636f3987b3de52b2e37a1130b4b425c6645d74b11b" score = 75 quality = 85 @@ -300894,8 +301482,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stealth_Kid_RAT : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ctsecurity/Stealth-Kid-RAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1093-L1107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1093-L1107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a885a48053d501273fc8043e990166558458239781feb9e09f972c52d57e8da" score = 75 quality = 85 
@@ -300918,8 +301506,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcradle : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/anthemtotheego/SharpCradle" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1109-L1122" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1109-L1122" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4213877aaf5606c9e5f3f38a1f057f8068e0fa062a5f1eb4389d83c6032df6c3" score = 75 quality = 85 @@ -300941,8 +301529,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Bypassuac : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cnsimo/BypassUAC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1124-L1138" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1124-L1138" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05dbd4d443664735a10bd48dbbda4edf7ba3756c9dd3f53cb25e066e8f5f1b61" score = 75 quality = 85 
@@ -300965,8 +301553,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hanzoinjection : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/P0cL4bs/hanzoInjection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1140-L1153" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1140-L1153" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "692e5288fffb8eb65b6f84017c31bb3d5d7320c141cd5a60eef6d9482385bb88" score = 75 quality = 85 @@ -300988,8 +301576,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Clr_Meterpreter : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/OJ/clr-meterpreter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1155-L1173" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1155-L1173" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d48897457c5f3ea7a9c24a24ab63207c3841bc3ac444d1c42987cb291f05941" score = 75 quality = 85 
@@ -301016,8 +301604,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_BYTAGE : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/KNIF/BYTAGE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1175-L1188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1175-L1188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d295501a64515a68bbd9a3c7f0f5ca0bbf59df5f6c91dd66d2ce6e744ce3fc1" score = 75 quality = 85 @@ -301039,8 +301627,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Multios_Reverseshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/belane/MultiOS_ReverseShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1190-L1203" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1190-L1203" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a0b7f881aee1097dcbbd39a832073aada103b23ebc5b167052e9483083fec02d" score = 75 quality = 85 
@@ -301062,8 +301650,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hidefromamsi : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0r13lc0ch4v1/HideFromAMSI" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1205-L1218" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1205-L1218" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05fccd4c7346c1ac1830984f945f5d37ca3e44a479287d681dfdb06d200764f1" score = 75 quality = 85 @@ -301085,8 +301673,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnetavbypass_Master : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/lockfale/DotNetAVBypass-Master" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1220-L1233" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1220-L1233" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3382613db4970475922fb7db70b6ce4f9c247f083a2164b86ba9e81a770e0e36" score = 75 quality = 85 
@@ -301108,8 +301696,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdpapi : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/SharpDPAPI" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1235-L1249" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1235-L1249" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "70f40bc48eeba3f835a280e7e2ce06b2a16179be9914d5c2548c820b02f4c837" score = 75 quality = 85 @@ -301132,8 +301720,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Telegra_Csharp_C2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/sf197/Telegra_Csharp_C2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1251-L1264" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1251-L1264" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ebdec8d1781ffc106f93f3686eb96e6b79810fbb0c7b1eb7cbbb161397298adc" score = 75 quality = 85 
@@ -301155,8 +301743,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcompile : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SpiderLabs/SharpCompile" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1266-L1279" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1266-L1279" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a8b46bf3017f336dc669b6c81a339953cc8931df49283b67172f45d1715ef422" score = 75 quality = 85 @@ -301178,8 +301766,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Carbuncle : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/checkymander/Carbuncle" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1281-L1294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1281-L1294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f792c3ed1f62915635dc9090cc608475701d1a4ec60810946336a5d72280af48" score = 75 quality = 85 
@@ -301201,8 +301789,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ossfiletool : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/B1eed/OSSFileTool" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1296-L1309" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1296-L1309" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0dda05d0a53babdf83a2edf9ac0ed21954c059baa73963c79fb840c737865df1" score = 75 quality = 85 @@ -301224,8 +301812,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rubeus : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/Rubeus" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1311-L1324" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1311-L1324" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d2df79b86b2c1eb4721ee9b6fce920db3e48f9cf96fa693876a6d7d8dad54e6" score = 75 quality = 85 
@@ -301247,8 +301835,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Simple_Loader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cribdragg3r/Simple-Loader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1326-L1339" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1326-L1339" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0dff8268f2c0c0764736727c78c648567b42cd3e177a7b73aa47a5afdf2f6d4a" score = 75 quality = 85 @@ -301270,8 +301858,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Minidump : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/3xpl01tc0d3r/Minidump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1341-L1354" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1341-L1354" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "798c1c569b224442c2f7b98254062e8cd3b008cb6d7aefef3063d9d57dbfbaee" score = 75 quality = 85 
@@ -301293,8 +301881,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbypassuac : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/FatRodzianko/SharpBypassUAC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1356-L1369" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1356-L1369" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa9aae20fc35bba3b88e32f03e832579ee48d03303e789a13949a859a6da1a3d" score = 75 quality = 85 @@ -301316,8 +301904,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharppack : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Lexus89/SharpPack" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1371-L1391" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1371-L1391" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "43701a68c6bbb5fc1217f9b47096dcc87d2b1ffa9399ba50df9f7e99cec2c0d8" score = 75 quality = 85 
@@ -301346,8 +301934,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Salsa_Tools : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Hackplayers/Salsa-tools" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1393-L1407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1393-L1407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "086108496c5ff6df15a26453da7f0922c29132fd4136cca9a02c21afc9c55ad5" score = 75 quality = 85 @@ -301370,8 +301958,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsdefender_Payload_Downloader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/notkohlrexo/WindowsDefender-Payload-Downloader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1409-L1422" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1409-L1422" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "587784216f3cf47e291219e08dc2b38bd43b11519d612eaccc631539ecc27c60" score = 75 quality = 85 
@@ -301393,8 +301981,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Privilege_Escalation : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Mrakovic-ORG/Privilege_Escalation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1424-L1437" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1424-L1437" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "18f5d4f917e1e3f0902ab50d6ae2c249782c65d0fc1ed4bc4d06ffae4d286598" score = 75 quality = 85 @@ -301416,8 +302004,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Marauder : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/maraudershell/Marauder" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1439-L1452" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1439-L1452" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b1a14c6dd80beedd1f385f3b85cec44a443020a76d4da03ea3a53e1c7c0a7b82" score = 75 quality = 85 
@@ -301439,8 +302027,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_AV_Evasion_Tool : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/1y0n/AV_Evasion_Tool" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1454-L1468" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1454-L1468" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9962ed855d43e12ecfcb38337e20db714315d0ec9d83f74d115765a973939b5c" score = 75 quality = 85 @@ -301463,8 +302051,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Fenrir : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/nccgroup/Fenrir" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1470-L1483" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1470-L1483" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b62914aea33db4027c62ecf57854d20942197d1b9212245d1932c0a6b80fe5f" score = 75 quality = 85 
@@ -301486,8 +302074,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stormkitty : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/LimerBoy/StormKitty" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1485-L1499" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1485-L1499" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e346a56a555fe8fae6d5f3704a39b97e82de79160da93cba7646eb7d6a98d5a8" score = 75 quality = 85 @@ -301510,8 +302098,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Crypter_Runtime_AV_S_Bypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/netreverse/Crypter-Runtime-AV-s-bypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1501-L1514" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1501-L1514" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4427fdd90b88576b05bc47c0a24a6daa92e066868e3c738007bfcf9c29058b2e" score = 75 quality = 85 
@@ -301533,8 +302121,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Runasuser : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/atthacks/RunAsUser" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1516-L1529" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1516-L1529" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8ac64be85ae1a55c3390dace5e43580453568758a712bdca0a5e81817d0a7fb0" score = 75 quality = 85 @@ -301556,8 +302144,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hwidbypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/yunseok/HWIDbypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1531-L1544" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1531-L1544" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1b19d3560fdf5bfbfd3c4fb434474cdde5efa42de611fb97e76312664b8cedb7" score = 75 quality = 85 
@@ -301579,8 +302167,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Xoredreflectivedll : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/r3nhat/XORedReflectiveDLL" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1546-L1560" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1546-L1560" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "92df3b5c8d1b531dd4b4d04ba53aa6ae5ebf9d1f6869a0d46cd972b082fa1b9f" score = 75 quality = 85 @@ -301603,8 +302191,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Suite : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/Sharp-Suite" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1562-L1596" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1562-L1596" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cffb4eae9fe3f2034fb03defcd0e0f3f1abaaa2638b137bdfdf67d071e055d42" score = 75 quality = 83 
@@ -301646,8 +302234,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rat_Shell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/stphivos/rat-shell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1598-L1612" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1598-L1612" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d88c891393c914b4b1520bbdb575e78740f21bd361fe4187fdd08aeed708540" score = 75 quality = 85 @@ -301670,8 +302258,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnet_Gargoyle : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/countercept/dotnet-gargoyle" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1614-L1629" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1614-L1629" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c7ad2c6c775ed6355dd93b06e31e04916277564301b45fe13b69d3e25dcd7bad" score = 75 quality = 85 
@@ -301695,8 +302283,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aresskit : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/BlackVikingPro/aresskit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1631-L1644" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1631-L1644" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3f7c2cb5dee0d77f70ea1fe231e498d1a16c11f92a8b930c9a603fa64a54cec0" score = 75 quality = 85 @@ -301718,8 +302306,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_DLL_Injector : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/tmthrgd/DLL-Injector" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1646-L1660" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1646-L1660" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fe92cb643d8ddbc0d8d09a88e90655965001375d05c799d6c2437e6c94b26c7a" score = 75 quality = 85 
@@ -301742,8 +302330,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Trufflesnout : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/dsnezhkov/TruffleSnout" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1662-L1675" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1662-L1675" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "03b340ccf4b314ec5d3c33e83e5a47b55e935a8e55acbd6bd9daba43443d53a1" score = 75 quality = 85 @@ -301765,8 +302353,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Anti_Analysis : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Anti-Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1677-L1690" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1677-L1690" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a4141b376afbf36a7a9aa340ea5514b85dd6b0fab003554bae06c0240c98a79" score = 75 quality = 85 
@@ -301788,8 +302376,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Backnet : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/valsov/BackNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1692-L1708" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1692-L1708" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "82ab970de2e27e711c502903cc2ede47da296df3ea346c870698c920a4ece282" score = 75 quality = 85 @@ -301814,8 +302402,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Allthethings : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/johnjohnsp1/AllTheThings" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1710-L1723" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1710-L1723" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4a562e4db2477be34fa4ccf2c83afafc7aafead3a9eae434b4bc0a5ea6430f7" score = 75 quality = 85 
@@ -301837,8 +302425,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Addreferencedotredteam : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ceramicskate0/AddReferenceDotRedTeam" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1725-L1738" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1725-L1738" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec7e0c39db13d212ff9aac4ec8d7d9b4274f3a404997f9291dcbfeaf311f31b4" score = 75 quality = 85 @@ -301860,8 +302448,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Crypter : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-Crypter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1740-L1753" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1740-L1753" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab4243f5e4efcadc9d1a9a34bdb4d5aedcf500accf4cb3681a73015c7f3f6900" score = 75 quality = 85 
@@ -301884,8 +302472,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browserghost : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/QAX-A-Team/BrowserGhost" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1755-L1770" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1755-L1770" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "448177aae4b0b2f17faefb22599649b7264c85e3af96b1d78bab6ada891b7a82" score = 75 quality = 85 @@ -301907,8 +302495,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshot : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/tothi/SharpShot" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1772-L1785" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1772-L1785" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "65bbe20eb2aac648648b828c176e418648ebdc6372d287e4bc3b0d3edf233e86" score = 75 quality = 85 
@@ -301930,8 +302518,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensive__NET : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mrjamiebowman/Offensive-.NET" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1787-L1800" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1787-L1800" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dddbee2e6d1cd4046f91192fe26841cc6c359dd9188d472c8b2acca691c15a34" score = 75 quality = 85 @@ -301953,8 +302541,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ruralbishop : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/RuralBishop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1802-L1815" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1802-L1815" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8dfa8652507851305da814b1410a7854be2c1c78cac325881118829be3456776" score = 75 quality = 85 
@@ -301976,8 +302564,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Deviceguardbypasses : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/tyranid/DeviceGuardBypasses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1817-L1835" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1817-L1835" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aff1a0236c532d5822a440f1d9a0a0265b422ebe0b53d799d53e838aef5f64ad" score = 75 quality = 85 @@ -302004,8 +302592,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_AMSI_Handler : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/two06/AMSI_Handler" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1837-L1853" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1837-L1853" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b27157331b3b9f6897134172f7dd9198fad7747c12d1020cb3e2d924c2910ce" score = 75 quality = 85 
@@ -302030,8 +302618,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_RAT_Telegramspybot : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SebastianEPH/RAT.TelegramSpyBot" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1855-L1868" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1855-L1868" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9fc671ef600548d962a2d5ab12ba3111ed19e83ef96d2d536eb343bb8fb4b0d2" score = 75 quality = 85 @@ -302053,8 +302641,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Thehacktoolboxteek : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/teeknofil/TheHackToolBoxTeek" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1870-L1889" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1870-L1889" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f18d6be2789371f3db649d0df3fc31a2e97604b399873c9843c1e08c981be0da" score = 75 quality = 85 
@@ -302082,8 +302670,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Usbtrojan : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mashed-potatoes/USBTrojan" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1891-L1904" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1891-L1904" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2280803c42311b8b78a51f0917d9fb4cdd8ca427ce2361372914e5922a1a0b68" score = 75 quality = 85 @@ -302105,8 +302693,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_IIS_Backdoor : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/WBGlIl/IIS_backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1906-L1920" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1906-L1920" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "61fcba7e59ac005db140d8eee1d8a1fd4ce8cd18c069053270e0195ee9d63ccc" score = 75 quality = 85 
@@ -302129,8 +302717,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellgen : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jasondrawdy/ShellGen" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1922-L1935" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1922-L1935" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "80c7291653e6cb5d7ef4d69390f7508cd95149d92b59aa3b5c8e6e0fe3723bfe" score = 75 quality = 85 @@ -302152,8 +302740,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Mass_RAT : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Mass-RAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1937-L1952" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1937-L1952" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "53ef9b1d44e6497bafe0982f2e6be65240fcf5684a7b5a6c32a704ab3b7e085c" score = 75 quality = 85 
@@ -302177,8 +302765,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browser_Externalc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/Browser-ExternalC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1954-L1967" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1954-L1967" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a0027775fb2a06d01cfe30c85ce03e11cf43976abe9bf7b2c61895a55d26404" score = 75 quality = 85 @@ -302200,8 +302788,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensivepowershelltasking : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/leechristensen/OffensivePowerShellTasking" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1969-L1983" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1969-L1983" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21d7192eaefeeed030b1ef1be29b54c12826914dc6f0945789f3690a39bee217" score = 75 quality = 85 
@@ -302224,8 +302812,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dohc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SpiderLabs/DoHC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L1985-L1998" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L1985-L1998" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1601c438c4359d3daa1b5b3cc36a82e049a5ed379ec7a52cdd4a9bca83518dd3" score = 75 quality = 85 @@ -302247,8 +302835,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Syscallpoc : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SolomonSklash/SyscallPOC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2000-L2014" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2000-L2014" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a12628052d5c1043b3aae0bedb62908a35cb27871e329f84b0fc22e29149f89e" score = 75 quality = 85 
@@ -302271,8 +302859,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Pen_Test_Tools : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/awillard1/Pen-Test-Tools" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2016-L2040" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2016-L2040" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dc124d65fd724a2e73c708925f44fd87dcd067c121f2875a15ed790c84405899" score = 50 quality = 85 @@ -302305,8 +302893,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_The_Collection : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Tlgyt/The-Collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2042-L2059" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2042-L2059" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8e28d972aaf44caff35bf982788a6e9b69d0acce4b11c8cfa00c65466412305" score = 75 quality = 85 
@@ -302332,8 +302920,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Change_Lockscreen : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/nccgroup/Change-Lockscreen" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2061-L2074" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2061-L2074" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6b3cd265c6ccdae529a52c3609610f0e633f0112180afd63a5d9892e78d12ef1" score = 75 quality = 85 @@ -302355,8 +302943,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_LOLBITS : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Kudaes/LOLBITS" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2076-L2089" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2076-L2089" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa5978a49940cef63308ae228607eff22d19ea05373b2c4a3a293074af422b20" score = 75 quality = 85 
@@ -302378,8 +302966,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keylogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/BlackVikingPro/Keylogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2091-L2104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2091-L2104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "490fb06375b32c70041754e8855cc1d26b76531d24a58bb0b719a998fdb809d6" score = 75 quality = 85 @@ -302401,8 +302989,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_1337 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/neofito/CVE-2020-1337" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2106-L2119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2106-L2119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05d557a3592845030880c3b87d8134565c2858db89218e1c38edbb025b945d72" score = 75 quality = 85 
@@ -302424,8 +303012,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharplogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpLogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2121-L2134" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2121-L2134" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9f63dc6bf41b6a062e80b6726c86bbeb7db68e319a78d1bd0187eef234a1c090" score = 75 quality = 85 @@ -302447,8 +303035,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Asyncrat_C_Sharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2136-L2159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2136-L2159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ac6319ecfbfc2ddb096b8674a9b494d9460181ebaa2b32ee337d46f6dd33f21d" score = 75 quality = 85 
@@ -302480,8 +303068,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Darkfender : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0xyg3n/DarkFender" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2161-L2174" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2161-L2174" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2afa4ff5719cb5b3a53b45a880e08e2cac6df8bb1ff053ee290ad6b025f9a6b5" score = 75 quality = 85 @@ -302503,8 +303091,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Minerdropper : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/DylanAlloy/MinerDropper" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2194-L2208" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2194-L2208" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a604745a0d95c54be0d1b183486aad0751aee825574500fbff6380571565a18" score = 75 quality = 85 
@@ -302527,8 +303115,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdomainspray : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/HunnicCyber/SharpDomainSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2210-L2223" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2210-L2223" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "da8a964691758e8179199b5725b0811a5b37de964f6a5fa01d6adac286bc544a" score = 75 quality = 85 @@ -302550,8 +303138,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ispykeylogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mwsrc/iSpyKeylogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2225-L2241" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2225-L2241" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c0b0a8d53efc5e922f73eec7550e6927f19aaef950921fde95b7bd651adeec7" score = 75 quality = 85 
@@ -302576,8 +303164,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Solarflare : FILE date = "2020-12-15" modified = "2025-08-15" reference = "https://github.com/mubix/solarflare" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2243-L2256" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2243-L2256" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9968c4f65672e98ec1ced26e2344e9b12141e3ea7e58be650d077089c9f6bd1c" score = 75 quality = 85 @@ -302599,8 +303187,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Snaffler : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SnaffCon/Snaffler" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2258-L2272" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2258-L2272" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a99f8012e45bbc7b689c49d2f6b5e86918b3984ce211fc4b459b6297d75c233a" score = 75 quality = 85 
@@ -302623,8 +303211,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshares : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpShares/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2274-L2287" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2274-L2287" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "09151f0ee360aaa74ebd0fe809ee45135705475a8559f78762ea80e261d173f3" score = 75 quality = 85 @@ -302646,8 +303234,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpedrchecker : FILE date = "2020-12-18" modified = "2025-08-15" reference = "https://github.com/PwnDexter/SharpEDRChecker" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2289-L2302" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2289-L2302" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a5a192bb5aedf801465760fd362e0917c7a68c97058c82d0954ce44d3632c43" score = 75 quality = 85 
@@ -302669,8 +303257,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcliphistory : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/SharpClipHistory" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2304-L2317" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2304-L2317" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "18558f9c446847d2021c3f2a99315c490fc26b1c585dd8a7a0ba4470be8d1e45" score = 75 quality = 85 @@ -302692,8 +303280,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpgpo_Remoteaccesspolicies : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/SharpGPO-RemoteAccessPolicies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2319-L2332" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2319-L2332" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e2e3168f733ce8a3e6129e4f2faa6a90a47f6cfc683c840032c0323170720a1b" score = 75 quality = 85 
@@ -302715,8 +303303,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Absinthe : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/cameronhotchkies/Absinthe" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2334-L2347" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2334-L2347" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "54040db5bdcfc711a26401d082693471c3f98fc043a550d1253f72a2d2611ae4" score = 75 quality = 85 @@ -302738,8 +303326,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Exploitremotingservice : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/tyranid/ExploitRemotingService" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2349-L2364" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2349-L2364" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b22513722be15f582d06c23fb6db53722c0edf2f89f17e28ca067f431ffd4616" score = 75 quality = 85 
@@ -302763,8 +303351,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Xploit : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/shargon/Xploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2366-L2389" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2366-L2389" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0b622acce9ff8186266c69d4ca097902027f5ca652408bfa4ec36fa145e14737" score = 75 quality = 85 @@ -302796,8 +303384,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poc : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/thezdi/PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2391-L2404" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2391-L2404" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f3001a60ce4b6415de2cb035ab56023cd2ee5f4c73e745d87409e5fef1fc9e8a" score = 75 quality = 85 
@@ -302819,8 +303407,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpgpoabuse : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/SharpGPOAbuse" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2406-L2419" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2406-L2419" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "683be1b4cee3ba705146f62cdc36c99ce5e4711cd38aec8103584321afd934f1" score = 75 quality = 85 @@ -302842,8 +303430,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Watson : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/Watson" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2421-L2434" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2421-L2434" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0fa1d96e9c9fdd612f092dbdcde980956cf4bf24b384991d77737af43637bb34" score = 75 quality = 85 
@@ -302865,8 +303453,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Standin : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/StandIn" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2436-L2449" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2436-L2449" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "db008e841cef47916e06167661b3825d1272357a347f522ccea25cc887438480" score = 75 quality = 85 @@ -302888,8 +303476,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Azure_Password_Harvesting : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/guardicore/azure_password_harvesting" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2451-L2464" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2451-L2464" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eac946e4110f9e7fdcc69ca562ed37a5e77216a325ccd11e29ec7348c2dd12d4" score = 75 quality = 85 
@@ -302911,8 +303499,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Powerops : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/fdiskyou/PowerOPS" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2466-L2479" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2466-L2479" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7afb5a5c5eaaba574f31d2041ec2e23f969508bac76aeb58a98714b06b8e6ae7" score = 75 quality = 85 @@ -302934,8 +303522,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Random_Csharptools : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/xorrior/Random-CSharpTools" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2481-L2500" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2481-L2500" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "633cfdc2f1950f36474e15cb186fc4673e7cbc9417fdbee61409b14be94bc6cb" score = 75 quality = 85 
@@ -302963,8 +303551,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_0668 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/RedCursorSecurityConsulting/CVE-2020-0668" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2502-L2515" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2502-L2515" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ac81e20fa9e5a4f701172d3e68c016b33e5cbda6053505d46f761337fb374161" score = 75 quality = 85 @@ -302986,8 +303574,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsrpcclients : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/tyranid/WindowsRpcClients" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2517-L2536" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2517-L2536" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2e99c98514bde102450b119cda3cc3c20d7680de5ccbbf64124b719fb8333e8d" score = 75 quality = 85 
@@ -303015,8 +303603,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpfruit : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpFruit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2538-L2551" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2538-L2551" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "da59a7c8fb038171a560d337a49f33a28a2ea88e4c7b08df12eaeb85906c0753" score = 75 quality = 85 @@ -303038,8 +303626,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwitness : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/SharpWitness" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2553-L2566" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2553-L2566" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a9bc18362347f55b77ec275ad377da9e72ac8a65cab06a867ae55b61b69e7cd" score = 75 quality = 85 
@@ -303061,8 +303649,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rexcrypter : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/syrex1013/RexCrypter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2568-L2581" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2568-L2581" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fc8bd8eaa3561431bc8886de74b1d569d5fa1f2de7f866146669b4e918a3bf30" score = 75 quality = 85 @@ -303084,8 +303672,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpersist : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/fireeye/SharPersist" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2583-L2596" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2583-L2596" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "265f42a83973cacb82d4ff12db210ad6cb10265acc38724ed895dc772cf7855e" score = 75 quality = 85 
@@ -303107,8 +303695,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2019_1253 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/padovah4ck/CVE-2019-1253" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2598-L2611" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2598-L2611" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f365dcec83696032370192d95312999d3baa950379472b99af17687a501dfa9c" score = 75 quality = 85 @@ -303130,8 +303718,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Scout : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jaredhaight/scout" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2613-L2626" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2613-L2626" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b677eb07dde231e1d6d542aaafcc0350ce51a66c5396949dd0f1d41311a822b5" score = 75 quality = 85 
@@ -303153,8 +303741,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Grouper2 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/l0ss/Grouper2/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2628-L2641" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2628-L2641" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b89180f81c4231ea03bb49631b0931b2b7e4ff9e97f44798dd50f6fa4d12b75f" score = 75 quality = 85 @@ -303176,8 +303764,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Casperstager : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/ustayready/CasperStager" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2643-L2657" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2643-L2657" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "556dd774b6ba38371951ca416133573b0539d699671200e3accfe5bc6fbc979d" score = 75 quality = 85 
@@ -303200,8 +303788,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tellmeyoursecrets : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/TellMeYourSecrets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2659-L2672" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2659-L2672" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b606c11986ff26d279db58c088633f39eddb41c96c2510f7738cfcef5ff4941f" score = 75 quality = 85 @@ -303223,8 +303811,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpexcel4_DCOM : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpExcel4-DCOM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2674-L2687" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2674-L2687" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "278eeabdfa26eec5f9e6d2fba093b4698a9813813f644b65e4e28791b600a5dc" score = 75 quality = 85 
@@ -303246,8 +303834,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshooter : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/SharpShooter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2689-L2702" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2689-L2702" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "79a63f9a24b94327b5b720c415143977c7fba088930dd94f6f2f2784770d182d" score = 75 quality = 85 @@ -303269,8 +303857,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nomsbuild : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/NoMSBuild" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2704-L2718" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2704-L2718" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "df8bfecf2f983975a4885cbabc79d2b42c1281bdd918aa0fc9fa50ef75bbfe5d" score = 75 quality = 85 
@@ -303293,8 +303881,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Teleshadow2 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/ParsingTeam/TeleShadow2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2720-L2734" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2720-L2734" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "df4f26856b5ee348393ddb41e53bdfc8e2bed58ed9fc7b4f758cd1746431d85c" score = 75 quality = 85 @@ -303317,8 +303905,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Badpotato : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/BeichenDream/BadPotato" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2736-L2749" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2736-L2749" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b78b623666279dab22c263a5a925fc665646ddcc24d1638ebe54bad2ccd5ed4c" score = 75 quality = 85 
@@ -303340,8 +303928,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lethalhta : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/codewhitesec/LethalHTA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2751-L2765" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2751-L2765" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ebcf9df0cdbab82ee2eea25479058366651746990b32e5af7cbf4da7dae8fafe" score = 75 quality = 85 @@ -303364,8 +303952,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpstat : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Raikia/SharpStat" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2767-L2780" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2767-L2780" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b163520c47d593244a66ee64071147824486bde4174a5276972a3329b0271a73" score = 75 quality = 85 
@@ -303387,8 +303975,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sneakyservice : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/SneakyService" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2782-L2795" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2782-L2795" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3f9e4a9666875e8b70ced55924f7dae661e9be6e033bafe4efc1614fb65a7f08" score = 75 quality = 85 @@ -303410,8 +303998,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpexec : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/anthemtotheego/SharpExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2797-L2810" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2797-L2810" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "099c18601efc20cb50e7e463755ebda5898cce5d4a0253216a72018337da07f4" score = 75 quality = 85 
@@ -303433,8 +304021,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcom : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpCOM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2812-L2825" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2812-L2825" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f409d4390fbf8eea8b288e02fbe75d4ecf338a239d8015511f4a9979a1e8a7df" score = 75 quality = 85 @@ -303456,8 +304044,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Inception : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/two06/Inception" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2827-L2840" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2827-L2840" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "846dfe525380eae42905a3adfbfc56f6c0e6de8abfa4f92e5f02889448dbcc29" score = 75 quality = 85 
@@ -303480,8 +304068,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwmi_1 : FILE modified = "2025-08-15" old_rule_name = "HKTL_NET_GUID_sharpwmi" reference = "https://github.com/QAX-A-Team/sharpwmi" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2842-L2856" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2842-L2856" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "295315b876579ee0d2eb60a44e4be643c143ec1331b155faf0ba61ab016df07f" score = 75 quality = 85 @@ -303503,8 +304091,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2019_1064 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/RythmStick/CVE-2019-1064" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2858-L2871" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2858-L2871" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5f72f2569d7e3c1ee6fcd742e22d56331bcbf130b9f2bbc63fbc1504c6597e57" score = 75 quality = 85 
@@ -303526,8 +304114,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tokenvator : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/Tokenvator" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2873-L2886" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2873-L2886" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "45e75eee8ece293a35ac385311994cf8b23fd4f38d84bf53bd724e03ec092e4e" score = 75 quality = 85 @@ -303549,8 +304137,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wheresmyimplant : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/WheresMyImplant" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2888-L2901" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2888-L2901" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e25816823669753dc475c059320634203e9f9450c320baac3af0d6c996a17264" score = 75 quality = 85 
@@ -303572,8 +304160,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Naga : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/byt3bl33d3r/Naga" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2903-L2917" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2903-L2917" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c579546957c1b05d5fff7ad914d4b6de22ccf216bda92972abd66b0dae89895b" score = 75 quality = 85 @@ -303596,8 +304184,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbox : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/P1CKLES/SharpBox" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2919-L2932" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2919-L2932" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a52663ffad8b36d8e6be74c341fb26205b9605df35530b19ab2f4a4c454eb16" score = 75 quality = 85 
@@ -303619,8 +304207,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rundotnetdll32 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/rundotnetdll32" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2934-L2947" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2934-L2947" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d0a0fa8604eaca14e2fc8545c5b008d26ef1a09f3d792b62549d76fb2d5155d1" score = 75 quality = 85 @@ -303642,8 +304230,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Antidebug : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/AntiDebug" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2949-L2962" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2949-L2962" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b665c72e191cc42307f6eecbf0a9ea9238da886e8d5d73b2d569cda2dabe2b1a" score = 75 quality = 85 
@@ -303665,8 +304253,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvisibleregistry : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/NVISO-BE/DInvisibleRegistry" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2964-L2977" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2964-L2977" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7703b24ca72770547d76ebfb8b94b5d13d9d7fa1c65cc8e2ffbf8eca30c1f8d0" score = 75 quality = 85 @@ -303688,8 +304276,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tikitorch : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/TikiTorch" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L2979-L2998" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L2979-L2998" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "394b4e7ecb7333e7d0944690276de6d942dfa949ba04d28d5576da639a5489bc" score = 75 quality = 85 
@@ -303717,8 +304305,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hivejack : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Viralmaniar/HiveJack" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3000-L3013" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3000-L3013" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46eb7b01deb14eb7a9e1b59f04844b442a47a5c3545fa9925448349ef50e317e" score = 75 quality = 85 @@ -303740,8 +304328,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Decryptautologon : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/securesean/DecryptAutoLogon" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3015-L3028" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3015-L3028" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "122f265f812e81aef554c1907c8397ac4ad03ff85f53254806abe36049c9b746" score = 75 quality = 85 
@@ -303763,8 +304351,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Unstoppableservice : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/UnstoppableService" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3030-L3043" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3030-L3043" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad88047730485852c1d051f168b762da18a85242acf0850204dd5fc86b313390" score = 75 quality = 85 @@ -303787,8 +304375,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwmi_2 : FILE modified = "2025-08-15" old_rule_name = "HKTL_NET_GUID_SharpWMI" reference = "https://github.com/GhostPack/SharpWMI" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3045-L3059" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3045-L3059" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "968eddc046e0629fed50d77c3b6c55a6d88d4fa68f05bab77f4b43bea6ad62fc" score = 75 quality = 85 
@@ -303810,8 +304398,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ewstoolkit : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/EWSToolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3061-L3074" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3061-L3074" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8e10bc2bc8dc0b526f919eed141660555334b97f528d3a74c5b91db05394fad" score = 75 quality = 85 @@ -303833,8 +304421,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sweetpotato : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/CCob/SweetPotato" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3076-L3090" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3076-L3090" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36430e0c2874aed1d86e061f9413c16bbb4527d0d04dfb8993214920083cc30a" score = 75 quality = 85 
@@ -303857,8 +304445,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memscan : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/nccgroup/memscan" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3092-L3105" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3092-L3105" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9885512853fc46cc680b70ab26b40d4e51393b1f0b744565d4a4aa063cb78440" score = 75 quality = 85 @@ -303880,8 +304468,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpstay : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xthirteen/SharpStay" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3107-L3120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3107-L3120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "91fe0fd4bea7678df8bdb0948a0952e01b6588e07836d535f5aaa3700294d838" score = 75 quality = 85 
@@ -303903,8 +304491,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharplocker : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Pickfordmatt/SharpLocker" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3122-L3135" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3122-L3135" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "030b7a87042ce70c9de6031d0e03f07e508563f4ca2da4d6dc80e87f8bf483de" score = 75 quality = 85 @@ -303926,8 +304514,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sauroneye : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/vivami/SauronEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3137-L3151" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3137-L3151" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "feeda6aec173cb13209559dc3a156bdc3d4be6e14cbe52ffb2e1bb7bf652441a" score = 75 quality = 85 
@@ -303950,8 +304538,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sitrep : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/sitrep" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3153-L3166" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3153-L3166" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "113e3a23c3f8258707f9d0c1baa143b3599e5da10928f275fca908c3a57f76e8" score = 75 quality = 85 @@ -303973,8 +304561,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpclipboard : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/slyd0g/SharpClipboard" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3168-L3181" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3168-L3181" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5070ae56bb7f5df31e915104ce42e18dbf86b93a327c49dabddcfbd141d468ac" score = 75 quality = 85 
@@ -303996,8 +304584,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcookiemonster : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/m0rv4i/SharpCookieMonster" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3183-L3196" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3183-L3196" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1aac6d1c4e1d28805ec7e61ee00d105795ce355dce6238981b22b6f7cf9d4e29" score = 75 quality = 85 @@ -304019,8 +304607,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_P0Wnedshell : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3198-L3211" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3198-L3211" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7c6d8dbcd1ff31a9b34c36b4db2867f0b9e3fac98c7039d2a51bfe5a45afcc71" score = 75 quality = 85 
@@ -304042,8 +304630,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpmove : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xthirteen/SharpMove" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3213-L3226" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3213-L3226" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4980a9b197479b2514e12b78aa5a3bf9825772f8578d3abd219607e39af7e470" score = 75 quality = 85 @@ -304065,8 +304653,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_C_Sharp_R_A_T_Client : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/AdvancedHacker101/C-Sharp-R.A.T-Client" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3228-L3241" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3228-L3241" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a090996b8453fb41483888f433da57340a6509221439ffd8f17e546424686c55" score = 75 quality = 85 
@@ -304088,8 +304676,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpprinter : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpPrinter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3243-L3256" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3243-L3256" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "86eb7194039aa8bb89f77041215a3421bb35acd790aa769156298f30a124e9b3" score = 75 quality = 85 @@ -304111,8 +304699,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evilfoca : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/ElevenPaths/EvilFOCA" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3258-L3271" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3258-L3271" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f903e2552bdb75a985065e9b78229b56c8005041cf3a75be355192684582caee" score = 75 quality = 85 
@@ -304134,8 +304722,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poshc2_Misc : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/nettitude/PoshC2_Misc" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3273-L3287" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3273-L3287" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ad0da62428f8412c748418b44d943a143191bbe789394ffc7b21658f87c27b9" score = 75 quality = 85 @@ -304158,8 +304746,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpire : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/Sharpire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3289-L3302" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3289-L3302" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c53b3205e58257292e34526ea4fd0e0550bbdcf4039f94d268a313ae28733182" score = 75 quality = 85 
@@ -304181,8 +304769,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Smbexec : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/checkymander/Sharp-SMBExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3304-L3317" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3304-L3317" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d6938d7492904a202e80525ff8f1b95c19bd65b1450f2f7e4271ab01f2e25a50" score = 75 quality = 85 @@ -304204,8 +304792,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Misctools : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/MiscTools" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3319-L3336" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3319-L3336" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ffa89aeac49c1652618def1b63506915ec6a364708eb805ef2d9abe710111edf" score = 75 quality = 85 
@@ -304231,8 +304819,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memorymapper : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jasondrawdy/MemoryMapper" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3338-L3351" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3338-L3351" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "691aae2ac0c6dec88c64fd1195f67e34235514037c54ebd1f1ac04d92aa3bbb1" score = 75 quality = 85 @@ -304254,8 +304842,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Vanillarat : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/DannyTheSloth/VanillaRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3353-L3367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3353-L3367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e3dd2e631b06201fa3065ebf10c1bb258839106443228af7f07706530a3070d" score = 75 quality = 85 
@@ -304278,8 +304866,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Unmanagedpowershell : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/leechristensen/UnmanagedPowerShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3369-L3382" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3369-L3382" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "027b0dcbbacaafe6709e18a29b0c001f17f14128648cb64afdcf946804aa8796" score = 75 quality = 85 @@ -304301,8 +304889,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Quasar : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/quasar/Quasar" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3384-L3398" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3384-L3398" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51eed0545b985c20db7aae64251a0e7513cb352f2ff76f64d7697d2767f95db2" score = 75 quality = 85 
@@ -304325,8 +304913,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpadidnsdump : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/b4rtik/SharpAdidnsdump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3400-L3413" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3400-L3413" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "edda1bb7a0a1702941fa35b38120f7e9ae64b6188a47e63a0939a864980b6281" score = 75 quality = 85 @@ -304348,8 +304936,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnettojscript : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/tyranid/DotNetToJScript" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3415-L3428" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3415-L3428" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "07f220695607b5aa6cda9045c3bc1e434828cb5835154710969666482dbe09c4" score = 75 quality = 85 
@@ -304371,8 +304959,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Inferno : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/LimerBoy/Inferno" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3430-L3443" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3430-L3443" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6e286b28bdc490d16892926ba95227d39aebb151067896e740d497024c526c0e" score = 75 quality = 85 @@ -304394,8 +304982,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsearch : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpSearch" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3445-L3458" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3445-L3458" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a383fd8e4ec8fa9f1fbc01bdeb3d5b1e32ec825a24c1eaad6c42e86ac682530" score = 75 quality = 85 
@@ -304417,8 +305005,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsecdump : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/G0ldenGunSec/SharpSecDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3460-L3473" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3460-L3473" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "749130efbcdbd068bf4711cc5e4960eb97a3ae2ddadde2beb0ff707429495484" score = 75 quality = 85 @@ -304440,8 +305028,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Net_Gpppassword : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/outflanknl/Net-GPPPassword" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3475-L3488" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3475-L3488" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46ae3156e5428c40278b124b7206b68922f955a297077df3288722c154d09fba" score = 75 quality = 85 
@@ -304463,8 +305051,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Filesearcher : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/NVISO-BE/FileSearcher" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3490-L3503" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3490-L3503" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b72d3a7104ca7718d3d490149483a5d2d30790fb6d2b00b10c69da43c491e577" score = 75 quality = 85 @@ -304486,8 +305074,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adfsdump : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/fireeye/ADFSDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3505-L3518" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3505-L3518" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3735495d2c3a0b6f9de278014d5450f3d2e78dda9c04ede614550c75a05b43d2" score = 75 quality = 85 
@@ -304509,8 +305097,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharprdp : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xthirteen/SharpRDP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3520-L3533" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3520-L3533" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "96a5d82e8d03b6242d69cbd5bca2fcc3d4403e7a51099a37dcf9091a0bd53b6e" score = 75 quality = 85 @@ -304532,8 +305120,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcall : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jhalon/SharpCall" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3535-L3548" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3535-L3548" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4b4a8943e4fc07f41ce87d64266fd56af9912832b688f21769f4fe5a8152703b" score = 75 quality = 85 
@@ -304555,8 +305143,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ysoserial_Net : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/pwntester/ysoserial.net" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3550-L3564" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3550-L3564" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d775864610e2e60faa3570746aa7a689bd719b02c3a47f43a2be097e4a81c5a" score = 75 quality = 85 @@ -304579,8 +305167,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Managedinjection : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/ManagedInjection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3566-L3581" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3566-L3581" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eac722f30fea497f98d75293514e0f6f4dd17263c7377211605b1ab2f13ddf2f" score = 75 quality = 85 
@@ -304604,8 +305192,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsocks : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/nettitude/SharpSocks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3583-L3597" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3583-L3597" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "477adf09ee9d04888ee5e352c11e95f855c433588771138ebb5970cae7aa044f" score = 75 quality = 85 @@ -304628,8 +305216,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Wmiexec : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/checkymander/Sharp-WMIExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3599-L3612" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3599-L3612" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "df683be102decfc65209195d0d2e640985dd7e7cf040fb074fb10c8749e98614" score = 75 quality = 85 
@@ -304651,8 +305239,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keethief : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/GhostPack/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3614-L3632" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3614-L3632" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f91aeb1862b803ae44c398a71e6c6ed0017d28206deffa39e4e0bca8faae6701" score = 75 quality = 85 @@ -304678,8 +305266,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Fakelogonscreen : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/bitsadmin/fakelogonscreen" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3634-L3647" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3634-L3647" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "93353997e52fda3cebb03c2c63afc16ea477d3d5d4a7cf8dee26940ccffecd7a" score = 75 quality = 85 
@@ -304701,8 +305289,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poshsecframework : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/PoshSec/PoshSecFramework" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3649-L3663" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3649-L3663" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6af81da2f23a0ad87d918e4ecb5869e8113b03e175c114e553856c4eabfacb71" score = 75 quality = 85 @@ -304725,8 +305313,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpattack : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jaredhaight/SharpAttack" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3665-L3678" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3665-L3678" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb2f706a8f91c0702472663d5c5672b0e0a9afa775668706377899b36bdb684c" score = 75 quality = 85 
@@ -304748,8 +305336,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Altman : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/keepwn/Altman" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3680-L3710" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3680-L3710" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4d7046ac7a0deebb33a33995f4c2b9c6b65d4821262d55aecd8e00379ba93b00" score = 75 quality = 85 @@ -304788,8 +305376,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browserpass : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jabiel/BrowserPass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3712-L3725" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3712-L3725" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ce5f5eaa71fd7358d99743e56a8518c1a852faa39c4a7d1888e0a218e9e7a8ef" score = 75 quality = 85 
@@ -304811,8 +305399,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Mythic : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/its-a-feature/Mythic" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3727-L3741" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3727-L3741" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d3b942e110bbf181ecbda5d4b3c2f7775e8e9b4860722238fe686c36422d456" score = 75 quality = 85 @@ -304835,8 +305423,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nuages : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/p3nt4/Nuages" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3743-L3756" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3743-L3756" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a0d7d89449a6a21bd118ace6a7062ff8d1fa356cf2421cc8c53f2da3719e52fb" score = 75 quality = 85 
@@ -304858,8 +305446,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsniper : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/HunnicCyber/SharpSniper" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3758-L3771" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3758-L3771" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "52ae4a89b9cca9bee19e904617ed8c78857a9cee58d691f337fd4a736798aa1e" score = 75 quality = 85 @@ -304881,8 +305469,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphound3 : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/BloodHoundAD/SharpHound3" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3773-L3786" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3773-L3786" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9de8457f59133adb09df0c40ece45331ac716fd56d58bd37a40ce7f1d0a53378" score = 75 quality = 85 
@@ -304904,8 +305492,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Blocketw : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/Soledge/BlockEtw" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3788-L3801" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3788-L3801" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8953751277594d4075907e8371764d02307209a732bb05d7cfec8141e23c7765" score = 75 quality = 85 @@ -304927,8 +305515,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwifigrabber : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/r3nhat/SharpWifiGrabber" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3803-L3816" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3803-L3816" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6984510cbc43987fee53e5b164d973f56ecdd682d9263dc7cf560ab8728769d9" score = 75 quality = 85 
@@ -304950,8 +305538,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpmapexec : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/cube0x0/SharpMapExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3818-L3831" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3818-L3831" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cc155390b8c739b7c96f45b79a8a078128528d6c7d070161d67484880c51a714" score = 75 quality = 85 @@ -304973,8 +305561,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_K8Fly : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/zzwlpx/k8fly" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3833-L3846" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3833-L3846" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99fb07cefac5572180f5f66e9ebce39b8d17c3a2acc56dd8fea426452127be5a" score = 75 quality = 85 
@@ -304996,8 +305584,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stealer : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/malwares/Stealer" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3848-L3863" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3848-L3863" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "37f829449b4f8a9524400d9409b985fab2ff70024a88fdd96ba391956a3398e3" score = 75 quality = 85 @@ -305021,8 +305609,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Porttran : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/k8gege/PortTran" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3865-L3879" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3865-L3879" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f8417a677e88bd923236855d6734cbf3db864c7e3ea60a1e500554fc5946f76a" score = 75 quality = 85 
@@ -305045,8 +305633,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gray_Keylogger_2 : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/graysuit/gray-keylogger-2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3882-L3896" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3882-L3896" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "92ab6b703064beeab4ef6811732ee76d187958bf4b16f70fa062a7a71ecfb289" score = 75 quality = 85 @@ -305069,8 +305657,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Miner : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-Miner" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3898-L3911" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3898-L3911" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4b7f810efd907477736f40b9537d1ad99896e28c89bd571244256c385c387bfa" score = 75 quality = 85 
@@ -305092,8 +305680,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Blacknet : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/BlackHacker511/BlackNET" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3913-L3929" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3913-L3929" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e3c6e6e50888c942d541ad893b34c65f784614de7576e9a752822c433753d55" score = 75 quality = 85 @@ -305118,8 +305706,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Plasmarat : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/mwsrc/PlasmaRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3931-L3945" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3931-L3945" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "78d0da86cdef86b06fca37fb378297df26ca792ab6069e87c19c7b075687b07d" score = 75 quality = 85 
@@ -305142,8 +305730,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_RAT : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-RAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3947-L3980" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3947-L3980" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eee41a29dc6b336c14abedaad767b8a0a529917bbc9096829114f302ed93f53c" score = 75 quality = 83 @@ -305185,8 +305773,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Njrat : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/mwsrc/njRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L3982-L4000" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L3982-L4000" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fc54c34e2d908e617781ffe8b4c5538304830cfec317ed2eab4157f72bbbf059" score = 75 quality = 85 
@@ -305213,8 +305801,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Manager : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/Manager" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4002-L4016" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4002-L4016" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3783108ecfa26ee1a8d0ecfced9e601a41a159777d56a237ae82ad7860b45d5f" score = 75 quality = 85 @@ -305237,8 +305825,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Neo_Confuserex : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/XenocodeRCE/neo-ConfuserEx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4018-L4031" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4018-L4031" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c916b5443d5df0d58020aec6f3576e3d9cec50fa00b764d86ec7f3a49d0a8d93" score = 75 quality = 85 
@@ -305260,8 +305848,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpallowedtoact : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/pkb1s/SharpAllowedToAct" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4033-L4046" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4033-L4046" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "688c1e5944a96b3cc40deb3c3949da0391e9dbde8c78bcc05a1f48817ae7a0d4" score = 75 quality = 85 @@ -305283,8 +305871,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Supersqlinjectionv1 : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/shack2/SuperSQLInjectionV1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4048-L4061" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4048-L4061" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cc4d7ac59d1092c357e0c1ac23eab1618a712cf846a65097c283ef62cfcb0c7d" score = 75 quality = 85 
@@ -305306,8 +305894,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adsearch : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/tomcarver16/ADSearch" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4063-L4076" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4063-L4076" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d925d212b9474078cb3e8694048de22e56de94b33839647c187f3254149bf4ff" score = 75 quality = 85 @@ -305329,8 +305917,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Privilege_Escalation_Awesome_Scripts_Suite : F date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4078-L4091" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4078-L4091" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1fdaa169213f31229973956cba064128ea6d256e339a8e3eb42cc9798ddf007f" score = 75 quality = 85 
@@ -305352,8 +305940,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_1206_POC : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/ZecOps/CVE-2020-1206-POC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4093-L4108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4093-L4108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26511510a1075457c8f133001fac18c8b44c997bd368b9336751bca714ec6ec3" score = 75 quality = 85 @@ -305377,8 +305965,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvoke : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/DInvoke" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4110-L4123" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4110-L4123" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4e7479d36ce78332d2224f16bc2f3059baa418f3035bca8b1ae1e5053dd4d3c3" score = 75 quality = 85 
@@ -305400,8 +305988,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpchisel : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/shantanu561993/SharpChisel" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4125-L4138" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4125-L4138" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2efa0f3757bf93a677d1faea14a71d2e63f45de99b7c9e55a951e6c401f6bd8" score = 75 quality = 85 @@ -305423,8 +306011,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpscribbles : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/V1V1/SharpScribbles" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4140-L4154" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4140-L4154" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4cff3fb3540fa1e189c71584889d07111ccc4a340c78011213819f206631446" score = 75 quality = 85 
@@ -305447,8 +306035,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpreg : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpReg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4156-L4169" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4156-L4169" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d483e590310d69df4a0267ae3091067deb8698526dd8069862a944a6b1faed05" score = 75 quality = 85 @@ -305470,8 +306058,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memevm : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TobitoFatitoRE/MemeVM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4171-L4186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4171-L4186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "88f4b9d0b3050ad676a54a58ea8f6a02fb07041db404c9d84f25fdda6ff3df4a" score = 75 quality = 85 
@@ -305495,8 +306083,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdir : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpDir" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4188-L4201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4188-L4201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a98ee516931d08d82fb28749130be7d8007a8ac2935fd6007bae27820e216a92" score = 75 quality = 85 @@ -305518,8 +306106,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Atyourservice : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mitchmoser/AtYourService" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4203-L4216" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4203-L4216" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c15c466ff048af2818cf9b59794786ba6d11f70d7dee5ef5ee5f050a9b547790" score = 75 quality = 85 
@@ -305541,8 +306129,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lockless : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/GhostPack/LockLess" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4218-L4231" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4218-L4231" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "57e09a929cc90c399068fb00ddd00c462df34d285d51273aedf27220a0647a38" score = 75 quality = 85 @@ -305564,8 +306152,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Easynet : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/EasyNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4233-L4248" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4233-L4248" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "75f69a226391fc6da86c6995295addbefe0a7e1a9ff972f211174a845816061f" score = 75 quality = 85 
@@ -305589,8 +306177,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbyebear : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/S3cur3Th1sSh1t/SharpByeBear" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4250-L4264" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4250-L4264" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f39d756b6e0b8f9037d862bdfa9b14fc2eeddf0eafad805892b8b02410f78c63" score = 75 quality = 85 @@ -305613,8 +306201,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphide : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/outflanknl/SharpHide" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4266-L4279" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4266-L4279" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "62264aafeafe98ce23e7c03ce75be750ab95d77d3523c0748bdcb2f50d0c04cb" score = 75 quality = 85 
@@ -305636,8 +306224,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsvc : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpSvc" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4281-L4294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4281-L4294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb91c4cd858a49f5cf437d3d1fb173afa7fe44442d41ea8533797007003c35d4" score = 75 quality = 85 @@ -305659,8 +306247,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcrasheventlog : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/slyd0g/SharpCrashEventLog" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4296-L4309" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4296-L4309" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f53cfa44168a3ed81370ebb61153b6fab521801ffef33ace23aa8ed3376688eb" score = 75 quality = 85 
@@ -305682,8 +306270,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnettojscript_Languagemodebreakout : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/DotNetToJScript-LanguageModeBreakout" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4311-L4324" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4311-L4324" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "de83b8138f49fe6aced5d9ebe77104f780496630f35550fbf0244429a2cb4917" score = 75 quality = 85 @@ -305705,8 +306293,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpermission : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mitchmoser/SharPermission" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4326-L4339" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4326-L4339" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "061a7ba9fb838b59a96e480356309af0c4b02d3ba3f2e83944c8dd98b739f6b6" score = 75 quality = 85 
@@ -305728,8 +306316,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Registrystrikesback : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/RegistryStrikesBack" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4341-L4354" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4341-L4354" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1e2aa9ddf6cbf35cb636e35c18159468ec98eb2c30078c2a1a2a635d14599959" score = 75 quality = 85 @@ -305751,8 +306339,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Clonevault : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/CloneVault" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4356-L4369" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4356-L4369" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "830802635e6fc9e364ec574bc9f04b062100c46bfbed7029f437c0392ce983bc" score = 75 quality = 85 
@@ -305774,8 +306362,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Donut : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/donut" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4371-L4387" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4371-L4387" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aae1ca872f60ddc6919938e55d98d27bf88fb382e8d47c06cfc3d3e795ce9f2a" score = 75 quality = 85 @@ -305800,8 +306388,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphandler : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jfmaes/SharpHandler" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4389-L4403" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4389-L4403" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3aee0d00306603786fdcf828dc2b1a2faed6c8e651b56eb1985c1b640966da20" score = 75 quality = 85 
@@ -305824,8 +306412,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Driver_Template : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/Driver-Template" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4405-L4418" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4405-L4418" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d8e59b58b7d9d15b9bbafd70a2e303e2b275f9a81fc66ea60b1ffd4a4601207" score = 75 quality = 85 @@ -305847,8 +306435,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nashavm : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/Mrakovic-ORG/NashaVM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4420-L4433" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4420-L4433" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b472d072c39e35c476fa9f0fbca8bf0125ca9359f2e6aac7da58f66ea1b11ed6" score = 75 quality = 85 
@@ -305870,8 +306458,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsqlpwn : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/lefayjey/SharpSQLPwn.git" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4435-L4448" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4435-L4448" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9210d12c7a8d5973e33aa7bb559ce1c744fd7a810979bec37f95d731c3b50ac" score = 75 quality = 85 @@ -305893,8 +306481,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Group3R : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/Group3r/Group3r.git" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4450-L4464" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4450-L4464" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "898569553257991c3776835ec10d5fae697e55bca9c14667ff72c079a095bbf1" score = 75 quality = 85 
@@ -305917,8 +306505,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tokenstomp : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/MartinIngesen/TokenStomp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4466-L4479" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4466-L4479" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "931950e70ecfd3e87e535b32bd8af43d70b36670d5e0142e2fb95ed92c85fbd9" score = 75 quality = 85 @@ -305940,8 +306528,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Krbrelay : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/cube0x0/KrbRelay" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4481-L4495" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4481-L4495" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5f8a3f6ba7ba5fa59cdc52337f92256257ec0994ae16fce074d70ad5afa3bc6" score = 75 quality = 85 
@@ -305964,8 +306552,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sqlrecon : FILE date = "2023-01-20" modified = "2025-08-15" reference = "https://github.com/skahwah/SQLRecon" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4497-L4510" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4497-L4510" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d1cf5a34a09ed323aeee69080e2f046b613f18294328529a4cca1c49c14da575" score = 75 quality = 85 @@ -305987,8 +306575,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Certify : FILE date = "2023-03-06" modified = "2025-08-11" reference = "https://github.com/GhostPack/Certify" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4512-L4527" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4512-L4527" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "da585a8d4985082873cb86204d546d3f53668e034c61e42d247b11e92b5e8fc3" logic_hash = "cc31eb8f11f8c48d8c6d34c343c273ac085fdac214ffc7521d26b4a19edd0c4c" score = 75 
@@ -306012,8 +306600,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aladdin : FILE date = "2023-03-13" modified = "2025-08-15" reference = "https://github.com/nettitude/Aladdin" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4529-L4544" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4529-L4544" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e038ea5b2caed819df725e454ad31ba00b2b1b356875eecd73f2b8a0908c2e33" score = 75 quality = 85 @@ -306037,8 +306625,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpldaprelayscan : FILE date = "2023-03-15" modified = "2025-08-15" reference = "https://github.com/klezVirus/SharpLdapRelayScan" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4546-L4559" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4546-L4559" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d0b9573ee9893225c5621d02f99f67296193d93a42390125611fe0560bc95fa9" score = 75 quality = 85 
@@ -306060,8 +306648,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ldapsigncheck : FILE date = "2023-03-15" modified = "2025-08-15" reference = "https://github.com/cube0x0/LdapSignCheck" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4561-L4574" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4561-L4574" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ffeee319b4161611e3e792aaec2e74c8e368d69c7f5ba9738105f536590099e8" score = 75 quality = 85 @@ -306083,8 +306671,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsccm : FILE date = "2023-03-15" modified = "2025-08-15" reference = "https://github.com/Mayyhem/SharpSCCM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4576-L4590" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4576-L4590" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a6650a1a2ad710b85363ea04d66f2467b835bc7bd1097404238f67e07cc3f719" score = 75 quality = 85 
@@ -306107,8 +306695,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Koh : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/GhostPack/Koh" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4592-L4605" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4592-L4605" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dbb36a1a8f559d10152d14459509408b14f3dc52a685d81f3a3d5e936f5e2a66" score = 75 quality = 85 @@ -306130,8 +306718,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Forgecert : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/GhostPack/ForgeCert" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4607-L4620" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4607-L4620" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4cb79315afc5aae2b35a1d171e8cff34304534a8970b51831568d34135e5c5e6" score = 75 quality = 85 
@@ -306153,8 +306741,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Crassus : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/vu-ls/Crassus" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4622-L4635" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4622-L4635" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c6442a8bd4737f0a874c388c74a632bea29c0c8b8c7cc132ad4f145d7a73446b" score = 75 quality = 85 @@ -306176,8 +306764,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Restrictedadmin : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/GhostPack/RestrictedAdmin" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4637-L4650" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4637-L4650" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "876d0a89429c3e504696a63056b154acacdfa44fddba23298c2432accb71dfd2" score = 75 quality = 85 
@@ -306199,8 +306787,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_P2P : FILE date = "2023-03-19" modified = "2025-08-15" reference = "https://github.com/miroslavpejic85/p2p" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4652-L4665" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4652-L4665" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5cdbf5555f4a0dbcbd206708e8678d69ed64f20f734425becd5809396fcfa4b4" score = 75 quality = 85 @@ -306222,8 +306810,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwsus : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/nettitude/SharpWSUS" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4667-L4680" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4667-L4680" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e42a5341d03da8b7efedb6bb71b2d908881a7b0df9101e8ad56984a3372915fe" score = 75 quality = 85 
@@ -306245,8 +306833,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpimpersonation : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/S3cur3Th1sSh1t/SharpImpersonation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4682-L4695" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4682-L4695" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1fd989607bb22f903ad85905ae4fe9f84aa429f75cedd482a318d8cb6c37af19" score = 75 quality = 85 @@ -306268,8 +306856,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcloud : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/chrismaddalena/SharpCloud" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4697-L4710" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4697-L4710" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b57f9577edcc15aef82f4fb7ceaf33bce73ae5e9d94b33152da49663a9a8f0c9" score = 75 quality = 85 
@@ -306291,8 +306879,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpssdp : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpSSDP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4712-L4725" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4712-L4725" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3bb849d481b4db321374e084c5bc83fef683fab5f70a429d79d72988f77d8403" score = 75 quality = 85 @@ -306314,8 +306902,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wiretap : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/djhohnstein/WireTap" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4727-L4740" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4727-L4740" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8dfe01e827fca5b6a2abb847b1615bf71c9d98ea7213b02aa94bb8691d085ac5" score = 75 quality = 85 
@@ -306337,8 +306925,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Kittylitter : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/djhohnstein/KittyLitter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4742-L4757" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4742-L4757" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e0cfb39be4d51d2a929712e4f82851b9cafb46643e1403cd4ea8414624a0a2b6" score = 75 quality = 85 @@ -306362,8 +306950,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpview : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/tevora-threat/SharpView" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4759-L4772" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4759-L4772" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b87f7c5c4d72a5d9d0f493720388f4328dc519677cc8cc218c4f0f95cc970a1e" score = 75 quality = 85 
@@ -306385,8 +306973,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Farmer : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/Farmer" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4774-L4790" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4774-L4790" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3e8559dd84fdc698c47acdf19a3f28fe094c96a36d645422f69ad905df5b2263" score = 75 quality = 85 @@ -306411,8 +306999,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aesshellcodeinjector : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/san3ncrypt3d/AESShellCodeInjector" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4792-L4805" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4792-L4805" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "38858c4e5f13eea32d47178a9221a35be92c9fbb408a542a712ce9b708591e42" score = 75 quality = 85 
@@ -306434,8 +307022,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpchromium : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpChromium" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4807-L4820" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4807-L4820" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f675d60987e5791550dff9cccc00109a2e30971de12c7f4c77288cf34122f7f2" score = 75 quality = 85 @@ -306457,8 +307045,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Get_RBCD_Threaded : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/FatRodzianko/Get-RBCD-Threaded" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4822-L4835" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4822-L4835" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a3cb7097f5fd5a2e5eac5ace774ea4e7f845989ee953f5aa140b0e05f3d04380" score = 75 quality = 85 
@@ -306480,8 +307068,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Whisker : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/eladshamir/Whisker" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4837-L4850" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4837-L4850" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d0e0436f83b5e4c4e2e7ef7237d5769a901f35b0462d5396bb5e398a72176dd" score = 75 quality = 85 @@ -306503,8 +307091,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shadowspray : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/Dec0ne/ShadowSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4852-L4865" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4852-L4865" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d45c8c20a782dbcb80db5c990ce02f6227e40a8b6d9875b1158735c5a53d4771" score = 75 quality = 85 
@@ -306526,8 +307114,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Malsccm : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/nettitude/MalSCCM" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4867-L4880" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4867-L4880" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "064835e594c8e28903e5e18aa63c8bda53e74ddb3b8eda813ac62c7677b4e3fc" score = 75 quality = 85 @@ -306549,8 +307137,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Spoolsample : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/leechristensen/SpoolSample" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4882-L4895" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4882-L4895" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8633b34f478b3d581f9403909d2ee20e7049d3ea02ecaf4fcb5dd61909681ba4" score = 75 quality = 85 
@@ -306572,8 +307160,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpoxidresolver : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/S3cur3Th1sSh1t/SharpOxidResolver" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4897-L4910" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4897-L4910" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "168d2d817fecdb9a457af26668f6e543556901151b025d322a4cfd63106cafed" score = 75 quality = 85 @@ -306595,8 +307183,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcat : FILE date = "2023-11-30" modified = "2025-08-18" reference = "https://github.com/theart42/Sharpcat" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4912-L4924" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4912-L4924" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "143757610d66c5d7bbba96ef810d518f38ad8ea0e924be23aa59e8c514154fe0" score = 75 quality = 83 
@@ -306618,8 +307206,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpnamedpipepth : FILE date = "2023-11-30" modified = "2025-08-18" reference = "https://github.com/S3cur3Th1sSh1t/SharpNamedPipePTH" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4926-L4938" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4926-L4938" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "437a8a41073174e86f642717537bdeeb5343cc8683c95477a52d6801a46aac21" score = 75 quality = 83 @@ -306641,8 +307229,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharptokenfinder : FILE date = "2023-12-06" modified = "2025-08-18" reference = "https://github.com/HuskyHacks/SharpTokenFinder" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4940-L4952" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4940-L4952" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f9681a13b094b6e05cab69f0684d52e3bb3b465cfcdb1c83a890c9c8fda79169" score = 75 quality = 83 
@@ -306664,8 +307252,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharprodc : FILE date = "2023-12-06" modified = "2025-08-18" reference = "https://github.com/wh0amitz/SharpRODC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4954-L4966" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4954-L4966" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d24237804509d2bf241f7310843591608a9d7e8abb38eb324aa5909995ebfaf" score = 75 quality = 83 @@ -306687,8 +307275,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gmsapasswordreader : FILE date = "2023-12-06" modified = "2025-08-18" reference = "https://github.com/rvazarkar/GMSAPasswordReader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4968-L4980" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4968-L4980" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8db260b15b8b8158e5f66268b9086b456386af017e4351025ea27b9f994e5bf5" score = 75 quality = 83 
@@ -306710,8 +307298,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsharefinder : FILE date = "2023-12-19" modified = "2025-08-18" reference = "https://github.com/mvelazc0/SharpShareFinder" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4982-L4994" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4982-L4994" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "72b2c6c9f4da68ba8e9656ff2d9da962f9d791f031c1d7fb74d74ddd17ba49de" score = 75 quality = 83 @@ -306733,8 +307321,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Postdump : FILE date = "2023-12-19" modified = "2025-08-18" reference = "https://github.com/YOLOP0wn/POSTDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_guids.yar#L4997-L5009" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_guids.yar#L4997-L5009" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e5bbef2fe7122855d7e5300ebf78631149e60b08793a4a21a4ac8b337f4bee60" score = 75 quality = 83 
@@ -306756,8 +307344,8 @@ rule SIGNATURE_BASE_Mimipenguin_SH date = "2017-04-01" modified = "2023-12-05" reference = "https://github.com/huntergregal/mimipenguin" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimipenguin.yar#L8-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimipenguin.yar#L8-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d9827e7adfe667a4a46e23854cac3b63949abcde5709045f0fe65e7b5704265" score = 75 quality = 85 @@ -306781,8 +307369,8 @@ rule SIGNATURE_BASE_Mimipenguin_1 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://github.com/huntergregal/mimipenguin" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimipenguin.yar#L34-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimipenguin.yar#L34-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "60a7b64eee9e2adfbc65fb5762f18e2abc4a35f9368ad704754870b5e8311391" score = 75 quality = 85 
@@ -306808,8 +307396,8 @@ rule SIGNATURE_BASE_Mimipenguin_2 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://github.com/huntergregal/mimipenguin" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimipenguin.yar#L52-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimipenguin.yar#L52-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "53a1f47ef9c94ef6bffbc9d7b9f3a8e0a7fb132c0936ea27e6be775cf99792a0" score = 75 quality = 85 @@ -306836,8 +307424,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Rc4_Win_Feb24 : FILE date = "2024-02-13" modified = "2025-03-20" reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lockbit4_rc4_win_feb24.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lockbit4_rc4_win_feb24.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "062311f136d83f64497fd81297360cd4" logic_hash = "85e8087f875c45ce39b7014fc0737dc86f1e18d4643fdbb0a80d18feff774680" score = 100 
@@ -306863,8 +307451,8 @@ rule SIGNATURE_BASE_NTLM_Dump_Output date = "2015-10-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/generic_dumps.yar#L17-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/generic_dumps.yar#L17-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "154de926d27d38b38a4ed2c14b9122213fd1deb4115ef3bb77366db0818c7572" score = 75 quality = 85 @@ -306887,8 +307475,8 @@ rule SIGNATURE_BASE_Gsecdump_Password_Dump_File : FILE date = "2018-03-06" modified = "2023-12-05" reference = "https://t.co/OLIj1yVJ4m" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/generic_dumps.yar#L32-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/generic_dumps.yar#L32-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "483ad5217cbc065bd2f791c473b9a2455fddc4e0123268a8d37c64d92dd78c43" score = 65 quality = 85 
@@ -306910,8 +307498,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_Ntdsdit : T1003_003 FILE date = "2020-08-10" modified = "2023-12-05" reference = "https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/generic_dumps.yar#L47-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/generic_dumps.yar#L47-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "371e30f50d96c884bd55ffc10d049d0ada881304746564a99dec0e8efad87602" score = 50 quality = 85 @@ -306932,8 +307520,8 @@ rule SIGNATURE_BASE_Poseidongroup_Malware : FILE date = "2016-02-09" modified = "2023-01-27" reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poseidon_group.yar#L8-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poseidon_group.yar#L8-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "315d540f2d2cb7b55e1a069cef8dd2eeceabcea4a428b33cf520a0f23d3819ea" score = 85 quality = 85 
@@ -306979,8 +307567,8 @@ rule SIGNATURE_BASE_Poseidongroup_Maldoc_1 : FILE date = "2016-02-09" modified = "2023-12-05" reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poseidon_group.yar#L50-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poseidon_group.yar#L50-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0983526d7f0640e5765ded6be6c9e64869172a02c20023f8a006396ff358999b" logic_hash = "0d8c255f56bb33b6a720c98727127c07a2d77245b18da381706a40339bebd20b" score = 80 @@ -307003,8 +307591,8 @@ rule SIGNATURE_BASE_Poseidongroup_Maldoc_2 : FILE date = "2016-02-09" modified = "2023-12-05" reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poseidon_group.yar#L66-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poseidon_group.yar#L66-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2c35077a4980336a2c50cade322861dc02f92f7617115420eebe7c882c2f620b" score = 70 quality = 85 
@@ -307036,8 +307624,8 @@ rule SIGNATURE_BASE_HKTL_EXPL_WIN_PS1_Badsuccessor_May25 : FILE date = "2025-05-22" modified = "2025-05-22" reference = "https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/hktl_badsuccessor_helper_may25.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/hktl_badsuccessor_helper_may25.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a023bced4aec2b2c601088367766f42a3fcf36053c7eb92985cc7468c7cd6cb0" score = 75 quality = 85 @@ -307060,8 +307648,8 @@ rule SIGNATURE_BASE_Invoke_Smbexec : FILE date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_invoke_thehash.yar#L12-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_invoke_thehash.yar#L12-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cc9feb7d4eadfc470aabf18d82c884f454ebcdd37f3ca6b0ee4b3634cd9e33ae" score = 75 quality = 85 
@@ -307088,8 +307676,8 @@ rule SIGNATURE_BASE_Invoke_Wmiexec_Gen_1 date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_invoke_thehash.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_invoke_thehash.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "12aeba5255527a337c49f1c4d1dc506a13ea02da69a8fc509c77bcb07c2135c8" score = 75 quality = 85 @@ -307118,8 +307706,8 @@ rule SIGNATURE_BASE_Invoke_Smbexec_Invoke_Wmiexec_1 date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_invoke_thehash.yar#L53-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_invoke_thehash.yar#L53-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "feb2973cd7e2c221cd91ec543f1d943cf1b5d5d18fe74c8f7e58341f76f95b51" score = 75 quality = 85 
@@ -307146,8 +307734,8 @@ rule SIGNATURE_BASE_Invoke_Wmiexec_Gen date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_invoke_thehash.yar#L72-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_invoke_thehash.yar#L72-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1ee79b7ea576adb71bde903756cda7af22e55eee9c4c3964cc9edc8930083fa2" score = 75 quality = 85 @@ -307175,8 +307763,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Cacti_Commandinjection_CVE_2022_46169_Dec22_1 : CVE date = "2022-12-27" modified = "2023-12-05" reference = "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2022_46169_cacti.yar#L1-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2022_46169_cacti.yar#L1-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6ccd3b830deb5c5d65519274c4c528203a2a14a177382334da87e288174e2cfe" score = 70 quality = 60 
@@ -307197,8 +307785,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_03_Clientuploader_Dec21 : FILE date = "2021-12-23" modified = "2021-12-24" reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stealer_cisa_ar22_277a.yar#L4-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stealer_cisa_ar22_277a.yar#L4-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "76f552b2416ae2426b73a321485f34a611c2a3c1ca35791bc9f1834072dc28be" score = 80 quality = 85 @@ -307225,8 +307813,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_01_APPSTORAGE_Dec21 : APPSTORAGE FILE date = "2021-12-23" modified = "2021-12-24" reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stealer_cisa_ar22_277a.yar#L25-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stealer_cisa_ar22_277a.yar#L25-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6a46bc4efa1f22d9fc65d946dbaa7b94de6074e65c228373bb6001f152d5b603" score = 80 quality = 85 
@@ -307255,8 +307843,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_02_Clientuploader_Dec21 : FILE date = "2021-12-23" modified = "2021-12-24" reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stealer_cisa_ar22_277a.yar#L48-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stealer_cisa_ar22_277a.yar#L48-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f9f82b4577568d0bd60bac0d3132ed7ffcb338f508a8689f3126f3d2440432ef" score = 80 quality = 81 @@ -307283,8 +307871,8 @@ rule SIGNATURE_BASE_Cobaltgang_PDF_Metadata_Rev_A date = "2018-10-25" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/10/unit42-new-techniques-uncover-attribute-cobalt-gang-commodity-builders-infrastructure-revealed/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_cobalt_gang_pdf.yar#L1-L12" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_cobalt_gang_pdf.yar#L1-L12" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8020ccff761b49d98e18cd5cb3c0695956a88e86a0958bfba1a19b7e3e629bb9" score = 75 quality = 85 
@@ -307306,8 +307894,8 @@ rule SIGNATURE_BASE_Kaspermalware_Oct17_1 : FILE date = "2017-10-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kasper_oct17.yar#L13-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kasper_oct17.yar#L13-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "15758407fb3039f1453f13d579d7df9525645e4717078f6b1fa482ab335e3a56" score = 75 quality = 85 @@ -307331,8 +307919,8 @@ rule SIGNATURE_BASE_APT_MAL_DNS_Hijacking_Campaign_AA19_024A : FILE date = "2019-01-25" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/AA19-024A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_aa19_024a.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_aa19_024a.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8e9ec132df6cf6a89f6694682292feec0f3a762c2df6b1dc8180d9ab68e7183b" score = 75 quality = 85 
@@ -307359,8 +307947,8 @@ rule SIGNATURE_BASE_SUSP_MAL_EXFIL_Stealer_Output_Characteristics_Sep22_1 : FILE date = "2022-09-17" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1570965878480719873" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_stealer_exfil_zip.yar#L2-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_stealer_exfil_zip.yar#L2-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "197bb4b837cdd635f9340547b10a90c3a2a17f0113076c5ccbc0a91b7ae18eeb" score = 70 quality = 85 @@ -307395,8 +307983,8 @@ rule SIGNATURE_BASE_MAL_XMR_Miner_May19_1 : HIGHVOL FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L15-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L15-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "85a65fd2355850b7f5261ad41091e181562938356ba3dae7d867f7ac8922a16e" score = 85 quality = 85 
@@ -307422,8 +308010,8 @@ rule SIGNATURE_BASE_HKTL_CN_Prochook_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L38-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L38-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "de55990c130702a05e96ee769707a81ce0ec58a515d75a9a99b20265ce3db682" score = 75 quality = 85 @@ -307442,8 +308030,8 @@ rule SIGNATURE_BASE_SUSP_PDB_CN_Threat_Actor_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L52-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L52-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "adcfe3d4bc6fcaf6be4f70c91fb2150bfa2d61f1ba84f96a0bf0c39ed0380b6a" score = 65 quality = 85 
@@ -307466,8 +308054,8 @@ rule SIGNATURE_BASE_MAL_Ramnit_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L67-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L67-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51d574f457c37eba3c29f869e03244b9471be6f6c8319aa0ddfad34be748eb53" score = 75 quality = 85 @@ -307486,8 +308074,8 @@ rule SIGNATURE_BASE_MAL_Parite_Malware_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L80-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L80-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b458b05178f18be1e936c1b42bbd91c739f288570fca759b85f1bb143899f1a8" score = 80 quality = 85 
@@ -307516,8 +308104,8 @@ rule SIGNATURE_BASE_MAL_Parite_Malware_May19_2 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L102-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L102-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "060a26ed6679b7038f1a89385220ad9112d3102023ea9d141332077f79bbe728" score = 75 quality = 85 @@ -307539,8 +308127,8 @@ rule SIGNATURE_BASE_EXPL_Strings_CVE_POC_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nansh0u.yar#L120-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nansh0u.yar#L120-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b470e9f5716130d810e519abb8d4e1058b5a806d59ddae53a40cac5597fbb874" score = 80 quality = 85 
@@ -307565,8 +308153,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_A : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L10-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L10-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d71e6640be1b10790d49c084b9ba248e35a6a56dfe9c5a3f219a209024ebec27" score = 80 quality = 85 @@ -307604,8 +308192,8 @@ rule SIGNATURE_BASE_Sality_Malware_Oct16 : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5bf14bbb0a7298a7bc896029c4b92ef9adf24307e4d05dcf86a518b266d1c2a8" score = 80 quality = 85 
@@ -307629,8 +308217,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_C : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L65-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L65-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1f212ef700e77c82954d997beef1157835da38330b583d02df418e10b6c182ee" score = 80 quality = 85 @@ -307654,8 +308242,8 @@ rule SIGNATURE_BASE_Bladabindi_Malware_B64 : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L91-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L91-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "081a6361e29fc231f1467b837c51a39b8cccf8caa20844b22d469ce2bbd0c7fb" score = 75 quality = 85 
@@ -307682,8 +308270,8 @@ rule SIGNATURE_BASE_Dorkbot_Injector_Malware : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L110-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L110-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36138520b0d39dc311b8e9355d1d1c215908a5fe1c01eec76c689f7e74a84303" score = 75 quality = 85 @@ -307712,8 +308300,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_D : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L131-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L131-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "78cde422987d2aff64967b86b6cf9279c112a2bfb713a2ea40fe952379d2e326" score = 75 quality = 85 
@@ -307741,8 +308329,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Oct16_E : FILE date = "2016-10-08" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_set_oct16.yar#L152-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_set_oct16.yar#L152-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2040a8cee840560a5aa6065df17206c0313d85b2d11ce482baab05c492360f35" score = 75 quality = 85 @@ -307768,8 +308356,8 @@ rule SIGNATURE_BASE_Pupy_Backdoor : FILE date = "2017-08-11" modified = "2023-12-05" reference = "https://github.com/n1nj4sec/pupy-binaries" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_pupy_rat.yar#L13-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_pupy_rat.yar#L13-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0b12376c9cddc71f584314b07fb29fac189349b526c6d5028f475fa3984401ae" score = 75 quality = 85 
@@ -307808,8 +308396,8 @@ rule SIGNATURE_BASE_Hkdoor_Backdoor_Dll : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hkdoor.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hkdoor.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "77901d1f2d6c53161c79b50ef20eeb424bf1b8b32906302ca10f3c4b82a58e2a" score = 75 quality = 85 @@ -307834,8 +308422,8 @@ rule SIGNATURE_BASE_Hkdoor_Backdoor : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hkdoor.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hkdoor.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3fc71c971bf0908e044e3e0ec3f266b8dfaae33bcfbf1b10619375fc7b5e7f5e" score = 75 quality = 85 
@@ -307864,8 +308452,8 @@ rule SIGNATURE_BASE_Hkdoor_Dropper : FILE date = "2018-01-01" modified = "2023-01-07" reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hkdoor.yar#L53-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hkdoor.yar#L53-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "521836ff95142d276152687f7c36e8f503f168f101976022431efd13a6adf7e4" score = 75 quality = 85 @@ -307893,8 +308481,8 @@ rule SIGNATURE_BASE_Hkdoor_Driver : FILE date = "2018-01-01" modified = "2023-01-07" reference = "https://www.cylance.com/en_us/blog/threat-spotlight-opening-hackers-door.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hkdoor.yar#L81-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hkdoor.yar#L81-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "68ac505d67af5361f096529697e621c83a4628f21c213fcea6652905f87ebe00" score = 75 quality = 83 
@@ -307919,8 +308507,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Csharp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e77fcd2ac0c21db54563b15466962a775a5e8ef73cedb3af5cd00d5b0d615e4c" score = 75 quality = 85 @@ -307948,8 +308536,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Powershell_Dropper date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L24-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L24-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "19f56e69685ae8c13b9dd884f8322915835c16e2c6313f01f9fa447218419108" score = 75 quality = 85 
@@ -307972,8 +308560,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Powershell_B64Encoded date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L40-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L40-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bcf9a75dbbf90044db76c56ffd07971d4252b0e75d73abf402ca4fadbfb59767" score = 75 quality = 85 @@ -307994,11 +308582,11 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Py date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L54-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L54-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b6eba750c96501aae1d86eef458d3e80de665efc7ce9d5aff842bc44363bad2" score = 75 - quality = 60 + quality = 85 tags = "" strings: 
@@ -308025,8 +308613,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Py_B64Encoded date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L77-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L77-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "279fb27637d9b62b484283f778215d042de9fb83110a233e048452e921c540ee" score = 75 quality = 85 @@ -308047,8 +308635,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Keylogger_Py date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L91-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L91-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2dc2ce153d559d795f302f5ca4a9ef9e6e5c54762472e38e6f4a26ef8a28a184" score = 75 quality = 85 
@@ -308073,8 +308661,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Keylogger_File date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L109-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L109-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d2d677b69eaf31843e8352bfe040c9e5a8d423d17900e022b769d28789f2d98" score = 75 quality = 85 @@ -308095,8 +308683,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Csharp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L123-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L123-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1201ee45df78cf3aec4b4bbb59cb7e4a70af6928895bb7c968ef02075a963405" score = 75 quality = 85 
@@ -308123,8 +308711,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Powershell_B64Encoded date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L143-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L143-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "77315f0fc8387fa87892fc8fcea1f6e8a95560049aaa9a87519859020d0a7a3e" score = 75 quality = 85 @@ -308146,8 +308734,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Powershell_Dropper date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L157-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L157-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "640c9e52f3cf3df4e954177624e6fba4bab80a2c9442b718fe90e8577dafbbd6" score = 75 quality = 85 
@@ -308168,8 +308756,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Injector_Bin date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L170-L193" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L170-L193" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c8cd4e3c87c6d80b39069f7a94e512e3f7b739c21f6fd70c2a79829c5a04f32f" score = 75 quality = 85 @@ -308201,8 +308789,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Timeliner_Bin date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L195-L213" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L195-L213" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c3a8cddc34134faaab93ee0df0086604e4a7b031530dd65e2e8dab705483305b" score = 75 quality = 85 
@@ -308229,8 +308817,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Checkadmin_Bin date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L215-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L215-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "784ec960ce2733aebc404ee5c09bb852eb45553ad167db292d05b82feedbd5a6" score = 75 quality = 85 @@ -308256,8 +308844,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Getos_Py date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L234-L295" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L234-L295" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2535c01b703c0fcba43e771832db8cd969e4a4b112ef28e4ddfeac6491ba604c" score = 75 quality = 85 
@@ -308320,8 +308908,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Info_Vbs date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L297-L316" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L297-L316" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e37f8768c7920b8c3d9fdd6bb3a4e748c47a6c06a8aaed01655355ef3d8c3457" score = 75 quality = 85 @@ -308349,8 +308937,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Console_Jsp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L318-L335" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L318-L335" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e70c15ef10b63a011edbcedc773a8e2917fd915c3ecc273c3bf2b78eb10fc570" score = 75 quality = 85 
@@ -308376,8 +308964,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Index_Jsp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L337-L353" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L337-L353" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "870dad9fb5456f8edbd9f3c2d0b8764cf1143399626ce4df53c93919bcb1a0cb" score = 75 quality = 85 @@ -308402,8 +308990,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Ver_Jsp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L355-L372" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L355-L372" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ada6de4b07a76e79bb17793cda2b51f96554a35992a73f59c360487638ae3be3" score = 75 quality = 85 
@@ -308429,8 +309017,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Webinfo date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_op_wocao.yar#L374-L394" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_op_wocao.yar#L374-L394" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "711737a56067f24f422cc7d5aeba4389741fe18a0e66f2715fce626c3b6aef19" score = 75 quality = 85 @@ -308458,8 +309046,8 @@ rule SIGNATURE_BASE_Crunchrat : FILE date = "2017-11-03" modified = "2023-12-05" reference = "https://github.com/t3ntman/CrunchRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_crunchrat.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_crunchrat.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e29cfe6dd2ca69b1a8cd0cb36f7513dd9befd392906225196991dc62fcc80870" score = 75 quality = 85 
@@ -308489,8 +309077,8 @@ rule SIGNATURE_BASE_Win_Privesc_Gp3Finder_V4_0 : FILE date = "2016-06-02" modified = "2023-12-05" reference = "http://grimhacker.com/2015/04/10/gp3finder-group-policy-preference-password-finder/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_win_privesc.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_win_privesc.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d5618315ae5293ce1aea18d255d08bb007f39a466021fb636605684433da158" score = 80 quality = 60 @@ -308515,8 +309103,8 @@ rule SIGNATURE_BASE_Win_Privesc_Folderperm date = "2016-06-02" modified = "2023-12-05" reference = "http://www.greyhathacker.net/?p=738" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_win_privesc.yar#L28-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_win_privesc.yar#L28-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "899fda75e4c6d9f588767e5170dbd30241a492ba89f7cc1b0ad4adb2fcd173cb" score = 80 quality = 85 
@@ -308541,8 +309129,8 @@ rule SIGNATURE_BASE_Win_Privesc_Adaclscan4_3 date = "2016-06-02" modified = "2023-12-05" reference = "https://adaclscan.codeplex.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_win_privesc.yar#L46-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_win_privesc.yar#L46-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ca657e5c4172d240f46a890fc112ee89d5bdf9e35e7d412332ee11bdaf166215" score = 60 quality = 85 @@ -308568,8 +309156,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_1 : FILE date = "2018-07-28" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_darkhydrus.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_darkhydrus.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2c39f2e6b37e6422984275f45a2917891c3b482d137dbbfd6293088c2f2dacc3" score = 75 quality = 85 
@@ -308592,8 +309180,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_2 : FILE date = "2018-07-28" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_darkhydrus.yar#L31-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_darkhydrus.yar#L31-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e967fec69ad1cbb46a63ee520594e7d6f2445a400510a9864dbd6d4c6e092737" score = 75 quality = 85 @@ -308621,8 +309209,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_3 : FILE date = "2018-07-28" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_darkhydrus.yar#L50-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_darkhydrus.yar#L50-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f3425322846e6064ec2576ad4e73061fbec3e4400de54d05fe07b8ad2a31f92" score = 75 quality = 85 
@@ -308647,8 +309235,8 @@ rule SIGNATURE_BASE_HKTL_Unlicensed_Cobaltstrike_EICAR_Jul18_5 : FILE date = "2018-07-28" modified = "2021-06-17" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_darkhydrus.yar#L69-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_darkhydrus.yar#L69-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d066f22e01f9ca3a33c669552046a5ab8dd9e579236974b1c468ba9644498951" score = 75 quality = 85 @@ -308673,8 +309261,8 @@ rule SIGNATURE_BASE_Crime_Win64_Backdoor_Bazarbackdoor1 : FILE date = "2020-04-24" modified = "2023-12-05" reference = "https://twitter.com/pancak3lullz/status/1252303608747565057" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_bazarbackdoor.yar#L1-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_bazarbackdoor.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "becb6ebc3a1be061b4f602cc188b172f59bfb6342605af68d8b38009d589f57e" score = 75 quality = 85 
@@ -308698,8 +309286,8 @@ rule SIGNATURE_BASE_Ce_Enfal_Cmstar_Debug_Msg : FILE date = "2015-05-10" modified = "2023-12-05" reference = "http://goo.gl/JucrP9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_cmstar.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_cmstar.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9b9cc7e2a2481b0472721e6b87f1eba4faf2d419d1e2c115a91ab7e7e6fc7f7c" logic_hash = "31251b7ce33eb561aeb7405514df83dc1e00fdf184e3deeaa48505407d9567a0" score = 75 @@ -308727,8 +309315,8 @@ rule SIGNATURE_BASE_VULN_PHP_Hack_Backdoored_Zlib_Zerodium_Mar21_1 : FILE date = "2021-03-29" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_php_zlib_backdoor.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_php_zlib_backdoor.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "74bfd9e12cb7671cde953d361a2adeb9388edd9b2aab0f9ce04dce0d433561dc" score = 75 quality = 85 
@@ -308750,8 +309338,8 @@ rule SIGNATURE_BASE_EXPL_CVE_2021_40444_Document_Rels_XML : CVE_2021_40444 FILE date = "2021-09-10" modified = "2023-12-05" reference = "https://twitter.com/AlteredBytes/status/1435811407249952772" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2021_40444.yar#L6-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2021_40444.yar#L6-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b05c3b33c3cab2c9109d808ed197758bc987f07beee77e1f61094715e0c1a1e7" score = 75 quality = 85 @@ -308776,8 +309364,8 @@ rule SIGNATURE_BASE_EXPL_MAL_Maldoc_OBFUSCT_MHTML_Sep21_1 : CVE_2021_40444 FILE date = "2021-09-18" modified = "2023-12-05" reference = "https://twitter.com/decalage2/status/1438946225190014984?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2021_40444.yar#L27-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2021_40444.yar#L27-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69" logic_hash = "11a73572970d2d85d308330119a2c5243f2848ae78a861decdb0cdbde0d9d1c2" score = 90 
@@ -308800,13 +309388,13 @@ rule SIGNATURE_BASE_EXPL_XML_Encoded_CVE_2021_40444 : CVE_2021_40444 FILE date = "2021-09-18" modified = "2021-09-19" reference = "https://twitter.com/sudosev/status/1439205606129377282" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2021_40444.yar#L44-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2021_40444.yar#L44-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "13de9f39b1ad232e704b5e0b5051800fcd844e9f661185ace8287a23e9b3868e" hash = "84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69" logic_hash = "feaeadd8e7e262f191ea0c2f85377531208262e5ac19d6706703e62cf8b4ec90" score = 70 - quality = 60 + quality = 85 tags = "CVE-2021-40444, FILE" strings: @@ -308826,8 +309414,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Indiators_XML_Officedoc_Sep21_1 : WINDOWS CVE FI date = "2021-09-18" modified = "2023-12-05" reference = "https://twitter.com/sudosev/status/1439205606129377282" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2021_40444.yar#L64-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2021_40444.yar#L64-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "13de9f39b1ad232e704b5e0b5051800fcd844e9f661185ace8287a23e9b3868e" hash = "84674acffba5101c8ac518019a9afe2a78a675ef3525a44dceddeed8a0092c69" logic_hash = "fc8f0dd02460ab8f8cc6717c66eba51e6ed74881a48e92fd0bf978467dfb40e3" 
@@ -308852,8 +309440,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Indiators_XML_Officedoc_Sep21_2 : WINDOWS CVE FI date = "2021-09-18" modified = "2023-12-05" reference = "https://twitter.com/sudosev/status/1439205606129377282" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2021_40444.yar#L83-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2021_40444.yar#L83-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "82c70e0f0b72a57302e5853cc53ae18dbb0bc8dabdfd27b473a7664b2fc5e874" score = 65 quality = 85 @@ -308877,11 +309465,11 @@ rule SIGNATURE_BASE_Trojan_ISMRAT_Gen : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/february/ism-rat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ism_rat.yar#L9-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ism_rat.yar#L9-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c4d26f79b8110e92a5e427de303eca6eaf79765a4c9cc437864dc5160ef2e343" score = 75 - quality = 60 + quality = 85 tags = "FILE" hash1 = "146a112cb01cd4b8e06d36304f6bdf7b" hash2 = "fa3dbe37108b752c38bf5870b5862ce5" 
@@ -308905,8 +309493,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Notable_Strings : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L6-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L6-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fdd3a1de9d178370fcc66dbca4628d7bedfbc002bca9e463e11cb444302900ea" score = 75 quality = 85 @@ -308940,8 +309528,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Module_Initialisation : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L39-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L39-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8bde37f642cf07e323beabaacd5c62f8422b451777fc1fc4a6bdf474db49de12" score = 75 quality = 85 
@@ -308965,8 +309553,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Modified_Install_Upgrade : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L57-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L57-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "69b89dbaf3e2661f376ff1be7c19e96c82bf84fd572fea422c109f8afdd1e5aa" score = 75 quality = 85 @@ -308999,8 +309587,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Core_Command_Check : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L90-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L90-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71c9da1f0e9e64be87293c985f2a4a59a6c87ffd127ce5104ebe95a0ccb316af" score = 50 quality = 85 
@@ -309023,8 +309611,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Config_Identifiers : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L106-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L106-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6fa39442d717a69dd6f31a4bb2e5865c3f16156ce24a2b419d95ed751bb0d8ee" score = 75 quality = 85 @@ -309049,8 +309637,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Handle_Mod_0Xf_Command : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L128-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L128-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6e3eebe404c8cd24e1e16eb3c881b1eda78ba6b365bf89c2557329e6f89396ac" score = 75 quality = 85 
@@ -309077,8 +309665,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Default_Config_Values : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L152-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L152-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "180993057c110c0c0327b673c6d6e251534012de51cf6475838691e0942a1aa8" score = 75 quality = 85 @@ -309105,8 +309693,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Handle_Mod_0X51_Command : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_cyclops_blink.yar#L176-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_cyclops_blink.yar#L176-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a68f4a5f5b7a45819e9a198881aa41b75a65181b63788c8b824b339bfd6fc67" score = 75 quality = 85 
@@ -309135,11 +309723,11 @@ rule SIGNATURE_BASE_EXPL_CVE_2021_31166_Accept_Encoding_May21_1 : CVE_2021_31166 date = "2021-05-21" modified = "2023-12-05" reference = "https://github.com/0vercl0k/CVE-2021-31166" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2021_31166.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2021_31166.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5bb5b4093a7abe9d4297a4c047803b92f7c08f56f15b0f7bd163203ae47e026d" score = 70 - quality = 60 + quality = 85 tags = "CVE-2021-31166" strings: @@ -309157,8 +309745,8 @@ rule SIGNATURE_BASE_Whosthere_Alt : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9b4c3691872ca5adf6d312b04190c6e14dd9cbe10e94c0dd3ee874f82db897de" logic_hash = "ef7bccb8f63034b885cfaec27663c9b038cd9b1811b4f25a9eae28640dac248b" score = 80 
@@ -309188,8 +309776,8 @@ rule SIGNATURE_BASE_Iam_Alt_Iam_Alt : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L33-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L33-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2ea662ef58142d9e340553ce50d95c1b7a405672acdfd476403a565bdd0cfb90" logic_hash = "acd4dae57e8394d4ce2f3dfb44706ea35c3d684ab34fd0c707b6aeedd816280a" score = 80 @@ -309219,8 +309807,8 @@ rule SIGNATURE_BASE_Genhash_Genhash : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L56-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L56-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "113df11063f8634f0d2a28e0b0e3c2b1f952ef95bad217fd46abff189be5373f" logic_hash = "fe1ebe7ea94351610e0042eab020d155cbab26d790477909467c9b5a827fb6d6" score = 80 
@@ -309247,8 +309835,8 @@ rule SIGNATURE_BASE_Iam_Iamdll : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L76-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L76-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "892de92f71941f7b9e550de00a57767beb7abe1171562e29428b84988cee6602" logic_hash = "ef7c66d2e1204a43921b6701812ea8a7bfa8e39e24d9396c95b725a4a4171010" score = 80 @@ -309273,8 +309861,8 @@ rule SIGNATURE_BASE_Iam_Iam : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L94-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L94-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8a8fcce649259f1b670bb1d996f0d06f6649baa8eed60db79b2c16ad22d14231" logic_hash = "f170f6f71b81a674a269ddd441c77a43afbbfe2870e1d0c4101abd2e58bff0b0" score = 80 
@@ -309303,8 +309891,8 @@ rule SIGNATURE_BASE_Whosthere_Alt_Pth : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L116-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L116-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fbfc8e1bc69348721f06e96ff76ae92f3551f33ed3868808efdb670430ae8bd0" logic_hash = "137b0dae105f97b5d4352d16e52144e72306e61be57c5d93df77ad3f5808018e" score = 80 @@ -309331,8 +309919,8 @@ rule SIGNATURE_BASE_Whosthere : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_passthehashtoolkit.yar#L136-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_passthehashtoolkit.yar#L136-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d7a82204d3e511cf5af58eabdd6e9757c5dd243f9aca3999dc0e5d1603b1fa37" logic_hash = "a13c8a1fc66381b040d6449fe9655191d7a1762da0dc70789cd497fb68fb2a55" score = 80 
@@ -309360,8 +309948,8 @@ rule SIGNATURE_BASE_SUSP_PS1_Msdt_Execution_May22 : CVE_2022_30190 FILE date = "2022-05-31" modified = "2025-03-21" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b8a061de4210d23e58b5190a300ee331273fc98f357156a0bb1d79f9f2b49b1" score = 65 quality = 85 @@ -309395,8 +309983,8 @@ rule SIGNATURE_BASE_SUSP_Doc_Wordxmlrels_May22 : CVE_2022_30190 FILE date = "2022-05-30" modified = "2022-06-20" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L38-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L38-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0" logic_hash = "c9846f8c2c1724792de14ab4de0064f951a8faaf01cc27d873e600f29d59c842" score = 70 
@@ -309423,8 +310011,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Externalresource_May22 : CVE_2022_30190 FILE date = "2022-05-30" modified = "2022-05-31" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L62-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L62-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c841e0c1ff78bf8dade5f573a7452b16a7f447cfc19417704b727684a8f3d3ff" score = 70 quality = 85 @@ -309446,11 +310034,11 @@ rule SIGNATURE_BASE_EXPL_Follina_CVE_2022_30190_Msdt_Msprotocoluri_May22 : CVE_2 date = "2022-05-30" modified = "2022-07-18" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L80-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L80-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d56820737951f97606749c74025589e6a8ecbe70cfff069492368b2ba8528a7d" score = 80 - quality = 60 + quality = 85 tags = "CVE-2022-30190, FILE" hash1 = "4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784" hash2 = "778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07" 
@@ -309471,8 +310059,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Ole2Link_Jun22 : FILE date = "2022-06-01" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L100-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L100-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4abc20e5130b59639e20bd6b8ad759af18eb284f46e99a5cc6b4f16f09456a68" logic_hash = "36cb711399197c694ac4fa4fd49cd5d587a830e152a138c81851b8e16301803d" score = 75 @@ -309504,8 +310092,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Ole2Link_EMAIL_Jun22 : FILE date = "2022-06-01" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L133-L192" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L133-L192" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4abc20e5130b59639e20bd6b8ad759af18eb284f46e99a5cc6b4f16f09456a68" logic_hash = "fcbb3e32762f8c67b5b226e8095b767d630f8c118521a82fc22f9a3cc272b794" score = 75 
@@ -309559,8 +310147,8 @@ rule SIGNATURE_BASE_SUSP_DOC_RTF_Externalresource_EMAIL_Jun22 : CVE_2022_30190 F date = "2022-06-01" modified = "2025-03-21" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L194-L220" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L194-L220" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73e76bd80f77640c0d8d47ebb7903eb9cc23336fbe653e7d008cae6a0de7c45b" score = 70 quality = 85 @@ -309589,8 +310177,8 @@ rule SIGNATURE_BASE_SUSP_Msdt_Artefact_Jun22_2 : CVE_2022_30190 FILE date = "2022-06-01" modified = "2022-07-29" reference = "https://twitter.com/nas_bench/status/1531718490494844928" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L222-L241" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L222-L241" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e18f6405f0411128335336e65dda4ed2b6be6e9ad47b94646ececf0479fbe967" score = 75 quality = 85 
@@ -309614,8 +310202,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Follina_Jun22 : CVE_2022_30190 FILE date = "2022-06-02" modified = "2025-03-21" reference = "https://twitter.com/gossithedog/status/1531650897905950727" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_doc_follina.yar#L243-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_doc_follina.yar#L243-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0b63bb266b968987b2b5a83c9429e96acbd57e12178e4f5fd5894b23d1aaa237" score = 75 quality = 85 @@ -309639,8 +310227,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Suspicious_Folders_Jan25 : FILE date = "2025-01-24" modified = "2025-03-20" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mixed_open_source_export.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mixed_open_source_export.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "776adb706e165389d0abdf8d6f719f6db1ec6d2f3d9d96e1c4a5f2b55e482c31" score = 65 quality = 85 
@@ -309662,8 +310250,8 @@ rule SIGNATURE_BASE_MAL_ME_Rawdisk_Agent_Jan20_1 : FILE date = "2020-01-02" modified = "2022-12-21" reference = "Saudi National Cybersecurity Authority - Destructive Attack DUSTMAN" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_dustman.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_dustman.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "90345b8358d72b6616c6277222fb1091cb3a88b844391ac3766e7d1ee1192fbe" score = 65 quality = 85 @@ -309692,8 +310280,8 @@ rule SIGNATURE_BASE_MAL_ME_Rawdisk_Agent_Jan20_2 : FILE date = "2020-01-02" modified = "2022-12-21" reference = "https://twitter.com/jfslowik/status/1212501454549741568?s=09" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_dustman.yar#L26-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_dustman.yar#L26-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73e4a88b749e3b2654e9021290932d2e556c29cfa772785b23bebad9f3a3f90a" score = 65 quality = 85 
@@ -309723,8 +310311,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_WIN_Snake_Malware_May23_1 : MEMORY date = "2023-05-10" modified = "2025-03-21" reference = "https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_ru_snake_may23.yar#L17-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_ru_snake_may23.yar#L17-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7cff7152259bb17a9b72b91f0fbef220aad2f35a1d2758d7225316a9896bf845" score = 70 quality = 71 @@ -309754,8 +310342,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_Snake_Indicators_May23_1 date = "2023-05-10" modified = "2025-03-21" reference = "https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_ru_snake_may23.yar#L45-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_ru_snake_may23.yar#L45-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb7a4ad2ee0868f17b6235f070e4c03e2394e3c252253f334b29ad26116b09e5" score = 85 quality = 35 
@@ -309799,8 +310387,8 @@ rule SIGNATURE_BASE_STUXSHOP_Config date = "2023-12-05" modified = "2023-12-05" reference = "https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxshop.yar#L2-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxshop.yar#L2-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579" logic_hash = "9dd57f8b4e25a53dcf54dc75a1bb26675c7dd04dbb4d96286bcc0a6527a21782" score = 75 @@ -309833,8 +310421,8 @@ rule SIGNATURE_BASE_STUXSHOP_Oscheck date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxshop.yar#L32-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxshop.yar#L32-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c1961e54d60e34bbec397c9120564e8d08f2f243ae349d2fb20f736510716579" logic_hash = "3dca26e622289c2d244e3af035e892455a47daa67dbe0c6fad29d9f7403cbc6b" score = 75 
@@ -309861,8 +310449,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Metasploitpayload : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1399818f71544245a7b689a7eb4da794b10814590e4c5f545fc28237ffa3d0f6" score = 75 quality = 85 @@ -309886,8 +310474,8 @@ rule SIGNATURE_BASE_Empire_Exploit_Jenkins : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L26-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L26-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "caf65814a1aeb0e14ec6430f7d5692b9c090bdc0d453566f0b0abd703f74bac7" score = 75 quality = 85 
@@ -309912,8 +310500,8 @@ rule SIGNATURE_BASE_Empire_Get_Securitypackages : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L43-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L43-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d63fdcc6713d2f7645b16cf3e79a6e951c7751a10bfa0e2853def47ea9547d2" score = 75 quality = 85 @@ -309937,8 +310525,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Powerdump : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L59-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L59-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e460d015be54a88d0eb5741a9c32cf6d7a410e0beb5356402af0dd19d1b4c6f2" score = 75 quality = 85 
@@ -309963,8 +310551,8 @@ rule SIGNATURE_BASE_Empire_Install_SSP : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L76-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L76-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf0966d0141d4606983f267face635ef5fddbc73282f02f0a0ae6fcf89f2e6dc" score = 75 quality = 85 @@ -309987,8 +310575,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Shellcodemsil : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L91-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L91-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb556fb8b558145e7e981ab3c3ccfb2656512498b917c705e53bc5b9f3650155" score = 75 quality = 85 
@@ -310014,8 +310602,8 @@ rule SIGNATURE_BASE_HKTL_Empire_Powerup : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L109-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L109-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d55674866a1a14d4f4c2b5529e47e005ca4b433383bf112af6da41d7f84afdb7" score = 75 quality = 85 @@ -310038,8 +310626,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Mimikatz_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L124-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L124-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a28297025b9b0178ab437996ffd3e0c28526f1edaf61db659093fe41a356cf40" score = 75 quality = 85 
@@ -310063,8 +310651,8 @@ rule SIGNATURE_BASE_Empire_Get_Gpppassword : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L140-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L140-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c879e50805e8b89fc8f3a7c7da2c8e906c89f210ab74194daca6b0ba2d312ba" score = 75 quality = 85 @@ -310089,8 +310677,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Smbscanner : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L157-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L157-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5feb32dd0fc5271256dc4a088b9b02b591dbe584759db7ee4f5a6c99f42c3c0c" score = 75 quality = 85 
@@ -310114,8 +310702,8 @@ rule SIGNATURE_BASE_Empire_Exploit_Jboss : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L173-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L173-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a0eef14c3966745a0f2b7eb404eed122a11eea2fb82884ebd2087b3ab90bff93" score = 75 quality = 85 @@ -310142,8 +310730,8 @@ rule SIGNATURE_BASE_Empire_Dumpcredstore : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L192-L207" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L192-L207" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7136920e531d7ab621e743c5c89c0d817fe453108878e3c808814ca48ad57fb3" score = 75 quality = 85 
@@ -310168,8 +310756,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Egresscheck : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L209-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L209-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "693564e0bd98ebd03cd433d8ba1003051a5cf6b1f0c05d3c5a4682e6d667327e" score = 75 quality = 85 @@ -310192,8 +310780,8 @@ rule SIGNATURE_BASE_Empire_Reflectivepick_X64_Orig : FILE date = "2016-11-05" modified = "2022-12-21" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L224-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L224-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a87c5f1da9c490887cba5e9837ca40ac92b63d8c36b682f4be770ac061b5acdf" score = 75 quality = 85 
@@ -310217,8 +310805,8 @@ rule SIGNATURE_BASE_Empire_Out_Minidump : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L242-L256" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L242-L256" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ce4ac95ac942a2ad758b1d9034e6ec50d25d195ba1c2ae95a90a7490708e485" score = 75 quality = 85 @@ -310242,8 +310830,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Psexec : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L258-L273" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L258-L273" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "86af63a3be5b4940966932b129edbe4cca5ac1a31d120ba44fdca739e9c97ad4" score = 75 quality = 85 
@@ -310268,8 +310856,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Postexfil : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L275-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L275-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "74602d1c4986e6392df8845e0ed713499aa3b93c64e9d68e95f9dbaf60fe4299" score = 75 quality = 85 @@ -310293,8 +310881,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Smbautobrute : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L291-L305" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L291-L305" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd87a5d3a710017953c8c19862e4daee25de0e57175cab8246eea6d067fcb4d1" score = 75 quality = 85 
@@ -310318,8 +310906,8 @@ rule SIGNATURE_BASE_Empire_Get_Keystrokes : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L307-L320" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L307-L320" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "710e1bbf517c6683bd3082786e605cb8e6a52460f9c96609610e5ab38800dc79" score = 75 quality = 85 @@ -310342,8 +310930,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Dllinjection : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L322-L335" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L322-L335" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "450ca96dd7c80275d7e4eaf07a7229e27530c373b8d79af5be8f4a741daef448" score = 75 quality = 85 
@@ -310366,8 +310954,8 @@ rule SIGNATURE_BASE_Empire_Keepassconfig : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L337-L350" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L337-L350" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "044c8a326ee6cc74a918e6c28100032bfd2fb396ddab8683ab11e00f9370ab2a" score = 75 quality = 85 @@ -310390,8 +310978,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Sshcommand : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L352-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L352-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3749c3d58335cb08bff66fe3126fc4977261576a9fbedbd7da673e3921364850" score = 75 quality = 85 
@@ -310416,8 +311004,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen1 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L371-L390" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L371-L390" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "074423d30c5ef419d1ca9433477d8a896086cec84eb939270ce51d3965b6b1a2" score = 75 quality = 85 @@ -310446,8 +311034,8 @@ rule SIGNATURE_BASE_Empire_Powerup_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L392-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L392-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4086b057b46cac85bb871d2d4363d4ae4c99a160e5c9625e4d41e3df55fece2d" score = 75 quality = 85 
@@ -310472,8 +311060,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen2 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L409-L428" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L409-L428" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e3cb63d0c3278ee4d04cb4b1d6ebe817fb3da97d25e2581f95bd43ecd5142b30" score = 75 quality = 85 @@ -310502,8 +311090,8 @@ rule SIGNATURE_BASE_Empire_Agent_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L430-L447" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L430-L447" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed8aee7ac6c1d93b21cc1aa5c3c18df1566692c63a010715a3aae65e18fffa60" score = 75 quality = 85 
@@ -310530,8 +311118,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen3 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L449-L467" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L449-L467" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "933fe27c54e90806a21082b4d2e4cbb3491374e48834a64c0d6a520c537d145e" score = 75 quality = 85 @@ -310559,8 +311147,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Inveighrelay_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L469-L484" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L469-L484" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "183a0afa9233e380471ddfa8f85e6c6555d69c785c9a4e8791e19432b6849558" score = 75 quality = 85 
@@ -310585,8 +311173,8 @@ rule SIGNATURE_BASE_Empire_Keepassconfig_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L486-L500" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L486-L500" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "986f299d2b6e2ec47acae09d8a25b6c45caf83c964208c594433308cd11ad264" score = 75 quality = 85 @@ -310610,8 +311198,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Portscan_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L502-L517" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L502-L517" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05e786dc42ee5ec56197803577d104595ad6554e028b7633b2f7fdf55a63e27c" score = 75 quality = 85 
@@ -310636,8 +311224,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen4 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L519-L545" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L519-L545" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "314574a463f9cc772702d5e3358f5280b2805298fedb89c14786518a4832d63b" score = 75 quality = 85 @@ -310673,8 +311261,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Credentialinjection_Invoke_Mimikatz_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L547-L563" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L547-L563" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3210b4407c3209a20d74c8c5af66077cc9b902912ae49253883b7acd87eef1f9" score = 75 quality = 60 
@@ -310700,8 +311288,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L565-L582" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L565-L582" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "11d00ea1f40d34cfd3417db337a01eca39b0e77049f74f0c591cd1d388a8d194" score = 75 quality = 85 @@ -310728,8 +311316,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen5 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_empire.yar#L584-L601" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_empire.yar#L584-L601" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "115fffabb09ed00ab46c6f980c3a7727070a303cafa900cc1ce04e3999b6b70e" score = 75 quality = 85 
@@ -310756,8 +311344,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell : FILE date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "977ee0fdf0e92ccea6b71fea7b2c7aed2965c6966d8af86230ccb0f95b286694" score = 70 quality = 85 @@ -310783,8 +311371,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Ziparchivefile date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L30-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L30-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c15e7022f45ec211ba635d6cd31bab16f4fb0d3038fb19d5765e0f751c14a826" score = 80 quality = 85 
@@ -310805,8 +311393,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Perlnetworkscript : FILE date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L44-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L44-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b170c07a005e737c8069f2cc63f869d4d3ff6593b3bfca5bcaf02d7808da6852" score = 90 quality = 85 @@ -310831,8 +311419,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Sqldumpfile date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L64-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L64-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c34abcada22fdf462fd66cc2da18ab9e54215defc6f7a7a95b5a80d1155a2ffe" score = 90 quality = 85 
@@ -310853,8 +311441,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_Key date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L78-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L78-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "056503a2c240a641cd2292a30ab1090e3a358cb4d57dca83b836ecb1bc62ed6b" score = 80 quality = 85 @@ -310875,8 +311463,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_Name_Encrypted date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L92-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L92-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f65d59381403534a2c2f39d66c7c62bf1540eafc9aad1ad73de1809e91c42446" score = 80 quality = 85 
@@ -310897,8 +311485,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_File_Plaintext date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L106-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L106-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "536327d5216372a3fd2f4dad0a21be2778ce2930212daf0a8628ecbdab49b46e" score = 80 quality = 60 @@ -310919,8 +311507,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_File_Ciphertext date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L120-L132" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L120-L132" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9dc7ee5b0a218a2b5be652e137fa090c944c3ddb0f699f521a72896668210813" score = 80 quality = 85 
@@ -310941,8 +311529,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Socket_Path date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L134-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L134-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8c049b5a7b508ca0f160d166f3c726e4a23a2c5b3105d075d7bf7a301a1c58f6" score = 80 quality = 85 @@ -310963,8 +311551,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Task_Names date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L148-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L148-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "193482da1e2b9509fa9c65d46edc56057f7b5d44b7408d918d4a9cbb60736dab" score = 80 quality = 85 
@@ -310992,8 +311580,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Struct date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L169-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L169-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "312d0598fa85837f94023036468fcae50e8b2de532430a944befa8090afe79f6" score = 80 quality = 85 @@ -311018,8 +311606,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Strings_Typo date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L187-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L187-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "65e6de743eb9fc742674c7e54eef8a376963a6fd4380bacd03fe6f92d4235920" score = 80 quality = 85 
@@ -311043,8 +311631,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Strings date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_centreon.yar#L204-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_centreon.yar#L204-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9d2790e60184ed973b2735263d0a997f32af0beacc9ea8ef65926fe6507011d5" score = 80 quality = 85 @@ -311077,8 +311665,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Unknown_Jun25 : FILE date = "2025-06-19" modified = "2025-07-01" reference = "https://x.com/cyb3rops/status/1935707307805134975" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_wipers_jun25.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_wipers_jun25.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64569f65814d63e55ea938e3dd9bd359da4597328887bdacf37bb5545ea32424" score = 75 quality = 35 
@@ -311102,8 +311690,8 @@ rule SIGNATURE_BASE_SUSP_LNX_SH_Disk_Wiper_Script_Jun25 : FILE date = "2025-06-19" modified = "2025-07-01" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_wipers_jun25.yar#L23-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_wipers_jun25.yar#L23-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99a0a393c2a636c10195c7ad85f3b282a30ba05fbc0f0db7fc04b0f79fbc6760" score = 65 quality = 85 @@ -311127,8 +311715,8 @@ rule SIGNATURE_BASE_SUSP_PY_Pyinstaller_Swiper_Jun25 : FILE date = "2025-06-19" modified = "2025-07-01" reference = "https://x.com/cyb3rops/status/1935707307805134975" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_wipers_jun25.yar#L41-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_wipers_jun25.yar#L41-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "824bdda031336b2d9a60b09bfa36e68a2e03159b217c9c25dd708df454144e1e" score = 65 quality = 85 
@@ -311153,8 +311741,8 @@ rule SIGNATURE_BASE_APT_MAL_IR_Druidfly_Wiper_Jun25 : FILE date = "2025-06-21" modified = "2025-07-01" reference = "https://x.com/threatintel/status/1936049254432231444" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_wipers_jun25.yar#L61-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_wipers_jun25.yar#L61-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9d3872506b03ea03a2c3cd7304c6b2d9dfafa04a29e19dc9be4924eaaa5db2d6" score = 80 quality = 85 @@ -311182,8 +311770,8 @@ rule SIGNATURE_BASE_Goldeneye_Ransomware_XLS : FILE date = "2016-12-06" modified = "2023-12-05" reference = "https://goo.gl/jp2SkT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_goldeneye.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_goldeneye.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "827c1d1c0f9c3ebd77413de7e1db5e29d05f2ece6676c79a79f6c1ff2788f42b" score = 75 quality = 85 
@@ -311207,8 +311795,8 @@ rule SIGNATURE_BASE_Goldeneyeransomware_Dropper_Malformedzoomit : FILE date = "2016-12-06" modified = "2023-12-05" reference = "https://goo.gl/jp2SkT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_goldeneye.yar#L26-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_goldeneye.yar#L26-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c18405a272c9210973e3184b8267306919cba8795b12d5982a9e3e8f748f9782" score = 75 quality = 85 @@ -311233,8 +311821,8 @@ rule SIGNATURE_BASE_APT_Donotteam_Ytyframework : APT DONOTTEAM WINDOWS FILE date = "2018-08-03" modified = "2023-12-05" reference = "https://labs.bitdefender.com/2017/09/ehdevel-the-story-of-a-continuously-improving-advanced-threat-creation-toolkit/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_donotteam_ytyframework.yar#L3-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_donotteam_ytyframework.yar#L3-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1e0c1b97925e1ed90562d2c68971e038d8506b354dd6c1d2bcc252d2a48bc31c" logic_hash = "8e2841fd4550f12d88fb451a893f1ba41f0d3c123d9c195fe97366202376ef61" score = 75 
@@ -311277,8 +311865,8 @@ rule SIGNATURE_BASE_VUL_Jquery_Fileupload_CVE_2018_9206 : CVE_2018_9206 date = "2018-10-19" modified = "2023-12-05" reference = "https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_jquery_fileupload_cve_2018_9206.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_jquery_fileupload_cve_2018_9206.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ef7cc13130c60ece346802cb6efec96065f84407fb84b89703628fdf32c0ee53" score = 75 quality = 85 @@ -311301,8 +311889,8 @@ rule SIGNATURE_BASE_HKTL_FRP_Apr20_1 date = "2020-04-07" modified = "2022-11-03" reference = "https://github.com/fatedier/frp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_frp_proxy.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_frp_proxy.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21f91fd99aed8b62d804504889c41ca77567fd345cf4ea0ef00161eefa9324a7" score = 70 quality = 85 
@@ -311329,8 +311917,8 @@ rule SIGNATURE_BASE_HKTL_FRP_INI_Apr20_1 : FILE date = "2020-04-07" modified = "2023-12-05" reference = "Chinese Hacktools OpenDir" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_frp_proxy.yar#L24-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_frp_proxy.yar#L24-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cc997dc876d7a49292b62a0fb4ff12b34dacacfd8a1b90226d6a9aee303cacdf" score = 60 quality = 85 @@ -311357,8 +311945,8 @@ rule SIGNATURE_BASE_Visualdiscovery_Lonovo_Superfish_SSL_Hijack : FILE date = "2015-02-19" modified = "2023-12-05" reference = "https://twitter.com/4nc4p/status/568325493558272000" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/threat_lenovo_superfish.yar#L4-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/threat_lenovo_superfish.yar#L4-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f156a51dccafe32467b64251507928b1c7a1b04595063aa66aa69da6c4cc4fc" score = 75 quality = 85 
@@ -311386,8 +311974,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Cudacrt : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sphinx_moth.yar#L9-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sphinx_moth.yar#L9-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ae7ff3d5ffd29de80ce5dcccde9af04d2537a279fe35f6e94257d59a462ba6a0" score = 75 quality = 85 @@ -311413,8 +312001,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_H2T : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sphinx_moth.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sphinx_moth.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7aca260d415de84cf432b18385db6a9768a036e3bd0a9aa8ded4a1bfcad26d0c" score = 75 quality = 85 
@@ -311440,8 +312028,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Iastor32 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sphinx_moth.yar#L47-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sphinx_moth.yar#L47-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "056949677654a88fb430c988939006dacfefdabbe12824936a01e5aabbb73441" score = 75 quality = 85 @@ -311463,8 +312051,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Kerberos32 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sphinx_moth.yar#L61-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sphinx_moth.yar#L61-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b672c9b9b0ffffd8f243832ea217bfc10b08026c71d297ee1047ca999fb829c" score = 75 quality = 85 
@@ -311497,8 +312085,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Kerberos64 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sphinx_moth.yar#L87-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sphinx_moth.yar#L87-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "13aeb72fcd0f5fd6e73464a90787c756c50569f9eae48945e4ff90d8f9073585" score = 75 quality = 85 @@ -311525,8 +312113,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Nvcplex : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sphinx_moth.yar#L106-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sphinx_moth.yar#L106-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2f851c0ab8c4a426b00addfbe0da7ceebb08e93014efcb11d64247d14fec909b" score = 75 quality = 85 
@@ -311550,8 +312138,8 @@ rule SIGNATURE_BASE_HKTL_Sentinelone_Remotepotato0_Privesc : FILE date = "2021-04-26" modified = "2023-12-05" reference = "https://labs.sentinelone.com/relaying-potatoes-dce-rpc-ntlm-relay-eop" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_remote_potato0.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_remote_potato0.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f3a3a917908af6260f40b217f966750a095140abb6bf85cf3a728725bc16996f" score = 75 quality = 79 @@ -311576,11 +312164,11 @@ rule SIGNATURE_BASE_Office_OLE_DDE : FILE date = "2017-10-12" modified = "2023-12-05" reference = "https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_dde_in_office_docs.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_dde_in_office_docs.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d2f7dce166dc8ef8aba7e8eaafaf4d1bb34cdc1ce97d34125a65147cf5e08ac" score = 50 - quality = 35 + quality = 60 tags = "FILE" strings: 
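Review bot: The `quality` bump from 35 to 60 in the SIGNATURE_BASE_Office_OLE_DDE hunk is the only non-URL change in this stretch of the patch and needs a separate check. `logic_hash` and `modified = "2023-12-05"` are unchanged context, so the rule's strings and condition are the same as before and only the upstream rating moved. If anything downstream filters or ranks third-party rules by `quality`, this rule (`score = 50`) may start matching where it was previously excluded. Please confirm the Office document test fixtures were regenerated against this update and that any newly surfaced DDE findings are expected rather than new false positives.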
@@ -311600,8 +312188,8 @@ rule SIGNATURE_BASE_APT_Malware_Commentcrew_Miniasp : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_miniasp.yar#L2-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_miniasp.yar#L2-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f382dd802f0332c99b1d33cf1dcd99ba7fad344a381152ebadfb69bc74c4e58f" score = 75 quality = 85 @@ -311642,8 +312230,8 @@ rule SIGNATURE_BASE_VULN_Dell_BIOS_Update_Driver_Dbutil_May21 : CVE_2021_21551 F date = "2021-05-05" modified = "2023-12-05" reference = "https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_dell_bios_upd_driver.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_dell_bios_upd_driver.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9cefb9fe28e818a3b0bc1c9ac570ddf2fac7ebf23408963656b7ec86d5bf3224" score = 60 quality = 85 
@@ -311669,8 +312257,8 @@ rule SIGNATURE_BASE_Gen_Excel_Xll_Addin_Suspicious : FILE date = "2020-10-16" modified = "2023-12-05" reference = "https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_excel_xll_addin_suspicious.yar#L3-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_excel_xll_addin_suspicious.yar#L3-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8c3f00ef05b0b84e4c4d655d01eab6f6e67714619695fd1433726e5a940e530" score = 65 quality = 85 @@ -311707,8 +312295,8 @@ rule SIGNATURE_BASE_Invoke_Osiris : FILE date = "2017-03-27" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_ps_osiris.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_ps_osiris.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a93308d6595de647a96716df0799ec690d91b2fb87e0b4a2f47e6b8b52eed97" score = 70 quality = 85 
@@ -311732,8 +312320,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4fe1a1b09344cd84f981b193b480d23807893b59ad781868d82089a7306c042f" score = 85 quality = 85 @@ -311757,8 +312345,8 @@ rule SIGNATURE_BASE_SUSP_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23 date = "2023-04-20" modified = "2023-04-21" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L19-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L19-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ccb482a7634dc24fde03b5730bf28a9e028f8d5a9ad46ba9663d1b520264d8f4" score = 75 quality = 85 
@@ -311782,8 +312370,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_1 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L37-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L37-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "439a201e6a44a00a31fd13efc83a1acf858a52201e3ab48d5cf095bae1e48cf7" score = 75 quality = 85 @@ -311810,8 +312398,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_2 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L57-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L57-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "62f74faa8f136f4dc63a4b703cffcb97b438cc4f180d5d127d1fc4b86d3cd1d1" score = 75 quality = 85 
@@ -311839,8 +312427,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_3 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L78-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L78-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c6441c961dcad0fe127514a918eaabd4" logic_hash = "2109340edfb1891baef5bd92ba3c9da77f891341de9e8094060a649de62fade2" score = 75 @@ -311867,8 +312455,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_4 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L98-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L98-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2a875c39a43ff054ed5a6cf2fa1f17c2adc189452582763db8ceddfa652abfbf" score = 75 quality = 85 
@@ -311897,8 +312485,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_5 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L120-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L120-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d43b8198ad224bee8d290dd7031d73f76a7d957a2e3b44d89e7aaf5f2c94c65" score = 75 quality = 85 @@ -311930,8 +312518,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_6 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L145-L164" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L145-L164" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d3b1e5f7a6b73fc4cdc5abe19a412130cde33c2d52c0ad78256b865e018e3794" score = 75 quality = 85 
@@ -311960,8 +312548,8 @@ rule SIGNATURE_BASE_SUSP_NK_MAL_M_Hunting_POOLRAT modified = "2023-12-05" old_rule_name = "APT_NK_MAL_M_Hunting_POOLRAT" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L166-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L166-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ac8db844a9c4ed961930417809afb706ea948c4509a4be1eaeed77f09c86069d" score = 70 quality = 83 @@ -311988,8 +312576,8 @@ rule SIGNATURE_BASE_APT_NK_Tradingtech_Forensicartifacts_Apr23_1 : FILE date = "2023-04-20" modified = "2023-04-21" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L204-L225" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L204-L225" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "50329427e56b70335a12f0dde87a36ac95838377482eebab334d252332fe481b" score = 60 quality = 85 
@@ -312016,8 +312604,8 @@ rule SIGNATURE_BASE_SUSP_TH_APT_UNC4736_Tradingtech_Cert_Apr23_1 date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_tradingtech_apr23.yar#L227-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_tradingtech_apr23.yar#L227-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "47941828b3c18ed39eddacbc73e147651a9bd48e1a0f7b9847ff1d4c6fea6afd" score = 65 quality = 85 @@ -312040,8 +312628,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Germanwiper : FILE date = "2019-08-05" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1158326526766657538" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_germanwiper.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_germanwiper.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dcb4f91006a893149a60e9708efb9de809f75c810bddfd2d90c8f6fffa0879ea" score = 75 quality = 85 
@@ -312073,8 +312661,8 @@ rule SIGNATURE_BASE_SUSP_Email_Suspicious_Onenote_Attachment_Jan23_1 : FILE date = "2023-01-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_onenote_phish.yar#L2-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_onenote_phish.yar#L2-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c7c5fc86f1dbe54da2d3ff8f039c5e53c3d1f67c9271cb467b2318310f744f93" score = 65 quality = 85 @@ -312112,8 +312700,8 @@ rule SIGNATURE_BASE_SUSP_Email_Suspicious_Onenote_Attachment_Jan23_2 : FILE date = "2023-01-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_onenote_phish.yar#L41-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_onenote_phish.yar#L41-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb6f992ce186022f04613af3bf4df629b00d85eac151f8bbd4b8ef96e6892eab" score = 65 quality = 85 
@@ -312138,8 +312726,8 @@ rule SIGNATURE_BASE_SUSP_Onenote_Embedded_Filedatastoreobject_Type_Jan23_1 : FIL date = "2023-01-27" modified = "2023-02-27" reference = "https://blog.didierstevens.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_onenote_phish.yar#L63-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_onenote_phish.yar#L63-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d91ca297ea96f80534085f174d335ffe961c569534f043c5c2ae8d6a9f7ac083" score = 65 quality = 85 @@ -312189,8 +312777,8 @@ rule SIGNATURE_BASE_SUSP_Onenote_Embedded_Filedatastoreobject_Type_Jan23_2 : FIL date = "2023-01-27" modified = "2023-12-05" reference = "https://blog.didierstevens.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_onenote_phish.yar#L108-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_onenote_phish.yar#L108-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bc07598570b6d4ebc5d14cedfed146c1ad309b8890bc0b9ee5f9ad645c1352e2" score = 65 quality = 85 
@@ -312213,8 +312801,8 @@ rule SIGNATURE_BASE_MAL_Floxif_Generic : FILE date = "2018-05-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_floxif_flystudio.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_floxif_flystudio.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1996f717100d9f1abc2ed3f1e9d0c55daec09654c0f99987ddaea9e9f0d17008" score = 80 quality = 85 @@ -312235,8 +312823,8 @@ rule SIGNATURE_BASE_MAL_CN_Flystudio_May18_1 : FILE date = "2018-05-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_floxif_flystudio.yar#L21-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_floxif_flystudio.yar#L21-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8d03f02a270d8664175b65398c01ec4f0ea182437b31847f9bf4181edb0c36bb" score = 75 quality = 85 
@@ -312261,8 +312849,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Wadhrama : FILE date = "2019-04-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_mal_ransom_wadharma.yar#L3-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_mal_ransom_wadharma.yar#L3-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d78837ed7cb8914be0990859751cf64603ee5a5ad135541c60c6ae145046412" score = 75 quality = 85 @@ -312281,8 +312869,8 @@ rule SIGNATURE_BASE_MAL_BACKORDER_LOADER_WIN_Go_Jan23 : LOADER GOLANG BACKORDER date = "2025-01-23" modified = "2025-03-20" reference = "EclecticIQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_win_go_backorder_loader.yar#L1-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_win_go_backorder_loader.yar#L1-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "70c91ffdc866920a634b31bf4a070fb3c3f947fc9de22b783d6f47a097fec2d8" logic_hash = "9e79ec9e58e02b7660383ff20957b95bc3c61ed3badc9af3d5829ebe5bf6bd7b" score = 80 
@@ -312312,8 +312900,8 @@ rule SIGNATURE_BASE_Cheshirecat_Sample2 : FILE date = "2015-08-08" modified = "2023-12-05" reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cheshirecat.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cheshirecat.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8" logic_hash = "4dd299cfe36545dba5ccac22d2eedc405f548fe5f976514d1cfa8238b472782c" score = 70 @@ -312341,8 +312929,8 @@ rule SIGNATURE_BASE_Cheshirecat_Gen1 : FILE date = "2015-08-08" modified = "2023-12-05" reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cheshirecat.yar#L35-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cheshirecat.yar#L35-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d1bbda9340bc2d2fcefd6bf9a3c30fe0b99c66fb978b3a4583f17c521cfcf4b0" score = 90 quality = 85 
@@ -312387,8 +312975,8 @@ rule SIGNATURE_BASE_Cheshirecat_Gen2 : FILE date = "2015-08-08" modified = "2023-12-05" reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cheshirecat.yar#L76-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cheshirecat.yar#L76-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c5d6ce6cc09c416d3449f7f5fc09139ce9271b69d743832b4b2548682e4ddf1" score = 70 quality = 85 @@ -312428,8 +313016,8 @@ rule SIGNATURE_BASE_BKDR_Snarasite_Oct17 : FILE date = "2017-10-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_snarasite.yar#L3-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_snarasite.yar#L3-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "79f49bce6de996d20b64476feb73987fdcd7555963ea1a596648d8702fbd2898" score = 75 quality = 85 
@@ -312449,8 +313037,8 @@ rule SIGNATURE_BASE_Powershell_Case_Anomaly : FILE date = "2017-08-11" modified = "2022-06-12" reference = "https://twitter.com/danielhbohannon/status/905096106924761088" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_case_anomalies.yar#L11-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_case_anomalies.yar#L11-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbef94b899a2d22930ee0e8b3eac03c505db629d19a62ddd8f56482403dfa595" score = 70 quality = 77 @@ -312492,8 +313080,8 @@ rule SIGNATURE_BASE_Wscriptshell_Case_Anomaly : FILE date = "2017-09-11" modified = "2022-06-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_case_anomalies.yar#L62-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_case_anomalies.yar#L62-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5c64e124186ae2eb974639627287fb27fe27eb2855342703e4a27a9c0fd62a91" score = 60 quality = 83 
@@ -312520,8 +313108,8 @@ rule SIGNATURE_BASE_KR_Target_Malware_Aug17 : FILE date = "2017-08-23" modified = "2023-12-05" reference = "https://twitter.com/eyalsela/status/900250203097354240" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kr_malware.yar#L11-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kr_malware.yar#L11-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "47c3350b489b023687f05f55a09f0092456c87b4beeda563756a99ccd5091b09" score = 75 quality = 85 @@ -312551,8 +313139,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Bypassuac : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L9-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L9-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ab0f900a6915b7497313977871a64c3658f3e6f73f11b03d2d33ca61305dc6a8" logic_hash = "1697065405fa0e255cdd77fa39f53866118caf0bad6a3d72756590303610e7b6" score = 70 
@@ -312578,8 +313166,8 @@ rule SIGNATURE_BASE_Empire_Lib_Modules_Trollsploit_Message : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "71f2258177eb16eafabb110a9333faab30edacf67cb019d5eab3c12d095655d5" logic_hash = "70b7d91395ae30131c1448511425abf32ddedf04632266454aa008330ff28222" score = 70 @@ -312605,8 +313193,8 @@ rule SIGNATURE_BASE_Empire_Persistence : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L47-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L47-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ae8875f7fcb8b4de5cf9721a9f5a9f7782f7c436c86422060ecdc5181e31092f" logic_hash = "3c398aa180b6f2225a25f9b1430e89991c7e391930e2be140e89c67da67b3614" score = 70 
@@ -312631,8 +313219,8 @@ rule SIGNATURE_BASE_Empire_Portscan : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L65-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L65-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b355efa1e7b3681b1402e22c58ce968795ef245fd08a0afb948d45c173e60b97" logic_hash = "162ac4ccc8629a2d017831cdc6d1bf8d7a62b844bf68a0d61956b2f41a5e004b" score = 70 @@ -312656,8 +313244,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Shellcode : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L82-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L82-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fa75cfd57269fbe3ad6bdc545ee57eb19335b0048629c93f1dc1fe1059f60438" logic_hash = "968a140f75aa17bd9aac243483cade931dc047854b65b2f61146492c2cf01ea5" score = 70 
@@ -312682,8 +313270,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Mimikatz : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L100-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L100-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c5481864b757837ecbc75997fa24978ffde3672b8a144a55478ba9a864a19466" logic_hash = "3e16bed3dd7b36920cdf01507f35e38d004e3ce2f3301911a8ee4aedbae6c5c3" score = 70 @@ -312708,8 +313296,8 @@ rule SIGNATURE_BASE_Empire_Lib_Modules_Credentials_Mimikatz_Pth : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L118-L133" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L118-L133" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6dee1cf931e02c5f3dc6889e879cc193325b39e18409dcdaf987b8bf7c459211" logic_hash = "6989c2e50ce642e0300e1293f46cd36e5141274d1e7172a8312595bb515bede2" score = 70 
@@ -312733,8 +313321,8 @@ rule SIGNATURE_BASE_Empire_Write_Hijackdll : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L135-L151" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L135-L151" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "155fa7168e28f15bb34f67344f47234a866e2c63b3303422ff977540623c70bf" logic_hash = "e01157fe4adaf647474292bfbbb8196c0b7e89433da52a386a8d9573ae543679" score = 70 @@ -312759,8 +313347,8 @@ rule SIGNATURE_BASE_Empire_Skeleton_Key : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L153-L170" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L153-L170" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3d02f16dcc38faaf5e97e4c5dbddf761f2816004775e6af8826cde9e29bb750f" logic_hash = "910451b2b2ed7cb5f7891d97d15e49da24b182adc903926f539fc4bfe589f2d5" score = 70 
@@ -312786,8 +313374,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Wmi : FILE date = "2015-08-06" modified = "2023-12-05" reference = "https://github.com/PowerShellEmpire/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_empire.yar#L172-L188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_empire.yar#L172-L188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a914cb227f652734a91d3d39745ceeacaef7a8b5e89c1beedfd6d5f9b4615a1d" logic_hash = "7179a22eec8eb9e59bf590e671e6849d5b960c58eb8fa591bc3b340d64f1d076" score = 70 @@ -312812,11 +313400,11 @@ rule SIGNATURE_BASE_EXPL_Log4J_Callbackdomain_Iocs_Dec21_1 : CVE_2021_44228 date = "2021-12-12" modified = "2025-03-29" reference = "https://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8d5e60f91b715242c6f8ee806ab81d3e296ce1467cf2d065b053f33e3ae00f14" score = 60 - quality = 60 + quality = 85 tags = "CVE-2021-44228" strings: 
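Review bot: `quality` for `SIGNATURE_BASE_EXPL_Log4J_Callbackdomain_Iocs_Dec21_1` moves from 60 to 85 in the last hunk above while `logic_hash`, `score = 60` and `modified = "2025-03-29"` stay as unchanged context, so the rule logic is the same and only the upstream bundle's rating of it changed. Anything downstream that selects or ranks third-party rules by `quality` will treat this rule differently after the merge. Please confirm that is intended and that the regenerated test expectations were checked for new matches from this rule, rather than accepting the bump as part of the commit-pin update.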
@@ -312834,8 +313422,8 @@ rule SIGNATURE_BASE_EXPL_JNDI_Exploit_Patterns_Dec21_1 date = "2021-12-12" modified = "2025-03-29" reference = "https://github.com/pimps/JNDI-Exploit-Kit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L16-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L16-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9442c8c4eee76539892752361657c86e80acc7990876e787317b042a4637f669" score = 60 quality = 85 @@ -312876,8 +313464,8 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_JAVA_Exception_Dec21_1 : CVE_2021_ date = "2021-12-12" modified = "2025-03-29" reference = "https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L51-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L51-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "98eabec4ad2f5c4d22db9c3bebdc82c8dc6723599748360875fc7b613b1019ab" score = 60 quality = 85 
@@ -312900,8 +313488,8 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_Soft : FILE CVE_2021_44228 date = "2021-12-10" modified = "2025-03-24" reference = "https://twitter.com/h113sdx/status/1469010902183661568?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L68-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L68-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "61a005060e2041afa5a9aa0b2a5e26cfc9a53cbafa78b15e4dd2c3b38127373a" score = 50 quality = 85 @@ -312932,8 +313520,8 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_OBFUSC : CVE_2021_44228 date = "2021-12-12" modified = "2021-12-13" reference = "https://twitter.com/h113sdx/status/1469010902183661568?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L94-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L94-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "00231db2ae83a89c187dbde1f2bc67fdaedcf1cbdf872afdcc374d2d0abee515" score = 60 quality = 85 
@@ -312962,11 +313550,11 @@ rule SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_Hard : FILE CVE_2021_44228 date = "2021-12-10" modified = "2025-03-20" reference = "https://twitter.com/h113sdx/status/1469010902183661568?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L118-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L118-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a4fc285dd1680ebc8a1042eeb5fbba73b9e2df70678adf3163122d84405325e" score = 65 - quality = 60 + quality = 85 tags = "FILE, CVE-2021-44228" strings: @@ -312991,8 +313579,8 @@ rule SIGNATURE_BASE_SUSP_Base64_Encoded_Exploit_Indicators_Dec21 : CVE_2021_4422 date = "2021-12-10" modified = "2021-12-13" reference = "https://twitter.com/Reelix/status/1469327487243071493" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L142-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L142-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "703a83916c7279bcdc3cd61602472c2a3815140235be169f5b2063a547438c61" score = 70 quality = 85 
@@ -313019,11 +313607,11 @@ rule SIGNATURE_BASE_SUSP_Jdniexploit_Indicators_Dec21 : FILE date = "2021-12-10" modified = "2021-12-12" reference = "https://github.com/flypig5211/JNDIExploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L167-L180" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L167-L180" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7886a67672001f0db72575d96d3a12341bfcdc49a9951e3d5e2a88ab46bf5a5d" score = 70 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -313041,8 +313629,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_OBFUSC_Dec21_1 : CVE_2021_44228 FILE date = "2021-12-11" modified = "2022-11-08" reference = "https://twitter.com/testanull/status/1469549425521348609" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L182-L211" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L182-L211" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d6ffb70da82fe16e7a76feb31c01aa3e0cfc5625cc0e2b237ec851c646550839" score = 60 quality = 85 
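Review bot: metadata changes that can affect rule selection are hard to spot among pin-only hunks here. The first hunk on the line above raises `quality` from 60 to 85 for `SIGNATURE_BASE_SUSP_Jdniexploit_Indicators_Dec21`, and the `SIGNATURE_BASE_EXPL_Log4J_CVE_2021_44228_Dec21_Hard` hunk does the same, both with `logic_hash` and `modified` left as context, whereas the neighbouring hunks only swap the pinned signature-base commit in `source_url` and `license_url`. Suggest having the update job list the rules whose `score` or `quality` changed in the commit message or PR description, so a reviewer can check those few rules directly instead of scanning every hunk for a non-URL line.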
@@ -313071,8 +313659,8 @@ rule SIGNATURE_BASE_SUSP_Jdniexploit_Error_Indicators_Dec21_1 date = "2021-12-10" modified = "2023-06-23" reference = "https://twitter.com/marcioalm/status/1470361495405875200?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_log4j_cve_2021_44228.yar#L213-L226" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_log4j_cve_2021_44228.yar#L213-L226" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ab98814b2ed66b0bda875fecc0b09db82035d7edcdb0af65f815817ec8c6cc8" score = 70 quality = 85 @@ -313093,8 +313681,8 @@ rule SIGNATURE_BASE_HKTL_Solarwinds_Credential_Stealer : FILE date = "2021-01-20" modified = "2023-12-05" reference = "https://github.com/mubix/solarflare" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_solarwinds_credential_stealer.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_solarwinds_credential_stealer.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b2e5186464ed0bdd38fcd9f4ab294a7ba28bd829bf296584cbc32e2889037e4" hash = "4adb69d4222c80d97f8d64e4d48b574908a518f8d504f24ce93a18b90bd506dc" logic_hash = "ccf55ba7b66ff8d0f926999f3d68dc3b2fdc1c9ce15e1f08b75d003c62393312" 
@@ -313128,8 +313716,8 @@ rule SIGNATURE_BASE_HKTL_EDR_Freeze_Sep25_2 : FILE date = "2025-09-30" modified = "2025-09-30" reference = "https://github.com/TwoSevenOneT/EDR-Freeze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/hktl_edr_freeze_sep25.yar#L1-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/hktl_edr_freeze_sep25.yar#L1-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "735d56839f17ca98a0022e6044b8d0bc43201b48e3a64c7b671c417f62749643" score = 80 quality = 85 @@ -313166,8 +313754,8 @@ rule SIGNATURE_BASE_Brc4_Shellcode date = "2022-11-19" modified = "2023-12-05" reference = "https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit/blob/main/deprecated/brc4.yara" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/hktl_bruteratel_c4.yar#L263-L290" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/hktl_bruteratel_c4.yar#L263-L290" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2816eb0316cebc96569847c17eae3bc50b988b07aa471176a09695fcefc21ec" score = 75 quality = 83 
@@ -313202,8 +313790,8 @@ rule SIGNATURE_BASE_Crime_Win32_Parallax_Loader_1 : FILE date = "2020-02-24" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1227976106227224578" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_parallax_rat.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_parallax_rat.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1331e7b69fd9b14b5d2dae45b452b385e48018290d91de33a4f4a5ebcce4805b" score = 75 quality = 85 @@ -313226,8 +313814,8 @@ rule SIGNATURE_BASE_Crime_Win32_Parallax_Payload_1 : FILE date = "2020-02-24" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1227976106227224578" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_parallax_rat.yar#L20-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_parallax_rat.yar#L20-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3a1718d7caea5bd6741dd39fc16f955e1d3c73a282d51eda5b63c3352404529e" score = 75 quality = 85 
@@ -313251,8 +313839,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Confluence_RCE_CVE_2021_26084_Sep21 : LOG CVE_2021_ date = "2021-09-01" modified = "2023-12-05" reference = "https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cve_2021_26084_confluence_log.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cve_2021_26084_confluence_log.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "04542570b4814efde3d96ba5be8b5f9fd6e3c51be09f0e8a1c4eba45bfd8f5ff" score = 55 quality = 60 @@ -313282,8 +313870,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_1 : FILE date = "2017-09-08" modified = "2023-12-05" reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rehashed_rat.yar#L13-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rehashed_rat.yar#L13-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "06a98e87d931bdea697a2cf3de604f03654f9aa2b3f2346e78ba92e492c0fc7c" score = 75 quality = 85 
@@ -313314,8 +313902,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_2 : FILE date = "2017-09-08" modified = "2023-12-05" reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rehashed_rat.yar#L41-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rehashed_rat.yar#L41-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "96c4582981792eb5f8180c06a5fe824fd439cfa0ede294eccff3afa7d318a6e9" score = 75 quality = 85 @@ -313344,8 +313932,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_3 : FILE date = "2017-09-08" modified = "2022-12-21" reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rehashed_rat.yar#L69-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rehashed_rat.yar#L69-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46f21f11959f863c85a1cfac74a28ba86d5b9789fea5a428168d157c13cce022" score = 75 quality = 85 
@@ -313370,8 +313958,8 @@ rule SIGNATURE_BASE_Streamex_Shellcrew date = "2017-02-09" modified = "2023-12-05" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shellcrew_streamex.yar#L11-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shellcrew_streamex.yar#L11-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a82ff51c1dcd1ebe3d7acc96b46b0b79dcead9146204f060f5413c4c7b5286d3" score = 80 quality = 85 @@ -313398,8 +313986,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1 : FILE date = "2017-02-10" modified = "2022-12-21" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shellcrew_streamex.yar#L40-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shellcrew_streamex.yar#L40-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4da0b8843de87e53243af40700afaab77120531af28dc311d9100bce6721650b" score = 75 quality = 85 
@@ -313427,8 +314015,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1_Msi : FILE date = "2017-02-10" modified = "2023-12-05" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shellcrew_streamex.yar#L61-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shellcrew_streamex.yar#L61-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa853dac58c067a88f1784ac4017fd558151e54ed10ceb32ab90c99e970460fe" score = 75 quality = 85 @@ -313456,8 +314044,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1_Msi_Dll : FILE date = "2017-02-10" modified = "2023-12-05" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shellcrew_streamex.yar#L82-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shellcrew_streamex.yar#L82-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "087ac07a2bf822f7838ef46296150381cfc9af9b12b4023654023a779efc1db1" score = 75 quality = 85 
@@ -313483,8 +314071,8 @@ rule SIGNATURE_BASE_GRIZZLY_STEPPE_Malware_1 : FILE date = "2016-12-29" modified = "2023-12-05" reference = "https://goo.gl/WVflzO" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d4a06fbf875ba2dbe64abcc21fab4eea1fe1b092498a09d9a310214562c1869e" score = 75 quality = 85 @@ -313512,8 +314100,8 @@ rule SIGNATURE_BASE_GRIZZLY_STEPPE_Malware_2 : FILE date = "2016-12-29" modified = "2023-12-05" reference = "https://goo.gl/WVflzO" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L30-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L30-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "134a76129ef2169ac60f21541ef51a223720badfad02f0822acc7fd6d49cf7e7" score = 75 quality = 85 
@@ -313542,8 +314130,8 @@ rule SIGNATURE_BASE_PAS_TOOL_PHP_WEB_KIT_Mod : FILE date = "2016-12-29" modified = "2023-12-05" reference = "https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L52-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L52-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fab894d9609c1fca4a85457e6799d082dfd3eb9ca0564abc04a1a0dd07a7b546" score = 75 quality = 85 @@ -313570,8 +314158,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Web_Kit_V3 : FILE date = "2016-01-01" modified = "2023-12-05" reference = "https://github.com/wordfence/grizzly" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L76-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L76-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21bf0afcd3f8de813ddfe41ef32e45806e9f9d7d3b08ae7ce65017c35e32a868" score = 75 quality = 85 
@@ -313597,8 +314185,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Web_Kit_V4 : FILE date = "2016-01-01" modified = "2023-12-05" reference = "https://github.com/wordfence/grizzly" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L97-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L97-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e2eaa0abd14f4dd08815c44797df707a08df1ea4e04ae69ba67d128a0fe4eff5" score = 75 quality = 85 @@ -313623,8 +314211,8 @@ rule SIGNATURE_BASE_APT_APT29_Wellmess_Dotnet_Unique_Strings : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L120-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L120-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2285a264ffab59ab5a1eb4e2b9bcab9baf26750b6c551ee3094af56a4442ac41" logic_hash = "90e8480aa50e18202007bcffdc8348290ad0ac0588c924b4f75ea425a6cae32d" score = 75 
@@ -313651,8 +314239,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Key_Schedule : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L138-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L138-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "d4f7ec82e51f1063b4d61302e5ff9268dd3233bb44269fc32cb57fb9240f96e2" score = 75 @@ -313678,8 +314266,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Key_2B62 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L155-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L155-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "39ad6de70883fbe0377379c3cab15962372793043ebbf4054efb7cee3aff9104" score = 75 
@@ -313701,8 +314289,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Directory_Enumeration_Output_Strings : FI date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L169-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L169-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "8f029269f5a383737f38af04b05a16a71af5453bffe83e04ac53191eaa49d3e7" score = 75 @@ -313726,8 +314314,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Command_Elem_Cookie_Ga_Boundary_String : date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L185-L199" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L185-L199" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "65b31a12d8abb88fbb99fcc6b2707bec90e4edc35d0cf21903213eda5cacec88" score = 75 
@@ -313751,8 +314339,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Round_Function : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L201-L214" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L201-L214" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "c4979b7ec31581b43b6975be5d4b1bfa5562e5fe25bbb51bb7c388550ed80ac6" score = 75 @@ -313775,8 +314363,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Add_Random_Commas_Spaces : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L216-L229" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L216-L229" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "046e222aabc9e596d9536702521b4729d990e1f327ded004ca984b73a8511a83" score = 75 
@@ -313799,8 +314387,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Modify_Alphabet_Custom_Encode : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L231-L243" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L231-L243" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "f0f5bcad52b0b15dc74a51973ef2752234bd12d677c846b2f96fe569d906ea3b" score = 75 @@ -313823,8 +314411,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Custom_Encode_Decode : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L245-L274" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L245-L274" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "536147bda9603d68748010f9db260af732fe0865a601ae1104538933b19c519b" score = 75 
@@ -313863,8 +314451,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Remove_Chars_Comma_Space_Dot : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L276-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L276-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "652607e0cfe6f5ad6ede169e28f63e8262fc37cbc7baa2525e52e79572d9a468" score = 75 @@ -313888,8 +314476,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Disk_Enumeration_Strings : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_grizzly_steppe.yar#L291-L310" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_grizzly_steppe.yar#L291-L310" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a4b790ddffb3d2e6691dcacae08fb0bfa1ae56b6c73d70688b097ffa831af064" logic_hash = "4a225b767dc922625c333aea866638bc5e239137592e46c17563b9cc380b0eea" score = 75 
@@ -313918,8 +314506,8 @@ rule SIGNATURE_BASE_Gen_Macro_Shellexecute_Action : FILE date = "2019-01-08" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1091170625698316288" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_macro_ShellExecute_action.yar#L1-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_macro_ShellExecute_action.yar#L1-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "da40175579f7d76d10ad0188851f111ba5d875ce990b2940166dd28eac2a742d" score = 75 quality = 85 @@ -313954,8 +314542,8 @@ rule SIGNATURE_BASE_MAL_WIN_Ralordv1_Apr25 : FILE date = "2025-04-01" modified = "2025-04-18" reference = "https://ish.com.br/wp-content/uploads/2025/04/RALord-Novo-grupo-de-Ransomware-as-a-Service-1.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ralordv1_win_ap25.yar#L1-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ralordv1_win_ap25.yar#L1-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "be15f62d14d1cbe2aecce8396f4c6289" logic_hash = "75d20cca5eb48109bbb3b0ab0ce2efb4f2d89bc1984df8c4fddf1f859d069750" score = 80 
@@ -313988,8 +314576,8 @@ rule SIGNATURE_BASE_MAL_Sharpshooter_Excel4 : FILE date = "2020-03-27" modified = "2023-12-05" reference = "https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-xls/00b5dd7d-51ca-4938-b7b7-483fe0e5933b" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_Excel4Macro_Sharpshooter.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_Excel4Macro_Sharpshooter.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ccef64586d25ffcb2b28affc1f64319b936175c4911e7841a0e28ee6d6d4a02d" logic_hash = "4aec8bb7ec8ce7ebd8228416133ea7eec995864aeec78c11548387d832b5fa65" score = 70 @@ -314016,8 +314604,8 @@ rule SIGNATURE_BASE_SUSP_Excel4Macro_Autoopen : FILE date = "2020-03-26" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_Excel4Macro_Sharpshooter.yar#L27-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_Excel4Macro_Sharpshooter.yar#L27-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f" logic_hash = "074aab8e1d3b66e34e8e8d8e8489e1dfee1091df0424b22cd1bfd3cf904754e1" score = 50 
@@ -314044,8 +314632,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Customlokitools : FILE date = "2017-03-15" modified = "2017-03-22" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L11-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L11-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "14cce7e641d308c3a177a8abb5457019" hash = "a3164d2bbc45fb1eef5fde7eb8b245ea" hash = "dabee9a7ea0ddaf900ef1e3e166ffe8a" @@ -314082,8 +314670,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Customsniffer date = "2017-03-15" modified = "2023-12-05" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L50-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L50-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7b86f40e861705d59f5206c482e1f2a5" hash = "927426b558888ad680829bd34b0ad0e7" logic_hash = "5ccf9035adc16393db4b3d461f7a20f86f538275d7806280a15508c15d9c805c" 
@@ -314113,8 +314701,8 @@ rule SIGNATURE_BASE_Loki2Crypto date = "2017-03-21" modified = "2023-12-05" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L82-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L82-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "19fbd8cbfb12482e8020a887d6427315" hash = "ea06b213d5924de65407e8931b1e4326" hash = "14ecd5e6fc8e501037b54ca263896a11" @@ -314141,8 +314729,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_De_Tool date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L111-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L111-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4bc7ed168fb78f0dc688ee2be20c9703" hash = "8b56e8552a74133da4bc5939b5f74243" logic_hash = "f658e1aa2ddb84fe3c1de7c7c00f2148d232cf2b3381c298420abfc382c02986" 
@@ -314168,8 +314756,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Cle_Tool date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L140-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L140-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "647d7b711f7b4434145ea30d0ef207b0" logic_hash = "a4bbd7be617b944a656fa58ca9ec6384f624c95250de6b8a6ba63e7c3387484c" score = 75 @@ -314197,8 +314785,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Xk_Keylogger date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L170-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L170-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2acdef9c8e545f4ab217f529a7e4a3e74723b27ec89896f98639fd40792bcc8" score = 75 quality = 35 
@@ -314231,8 +314819,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Encrypted_Keylog : FILE date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_moonlightmaze.yar#L204-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_moonlightmaze.yar#L204-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "593f6f2148ddb52e2beee72a48135cd83f126edfdb263b471432d17273e536db" score = 75 quality = 85 @@ -314254,8 +314842,8 @@ rule SIGNATURE_BASE_Ping_Command_In_EXE : FILE date = "2016-11-03" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1ea24774471eade7b7c50f0eae520e2b30dbec693e162b83ab0074465f179372" score = 60 quality = 85 
@@ -314277,8 +314865,8 @@ rule SIGNATURE_BASE_Googlebot_Useragent : FILE date = "2017-01-27" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L17-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L17-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa6cc3625d3740b91d7f1193cea0bdb621ae9445e42300123b01e322f715b976" score = 65 quality = 85 @@ -314301,11 +314889,11 @@ rule SIGNATURE_BASE_Gen_Net_Localgroup_Administrators_Add_Command : FILE date = "2017-07-08" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L34-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L34-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "af4d7c8586022583e2019bbdc3638704e1d237b25e3c214f3bc2db64c58c8bd3" score = 75 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" 
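Review bot: in the SIGNATURE_BASE_Gen_Net_Localgroup_Administrators_Add_Command hunk, `quality` moves from 60 to 85 while `logic_hash` and `modified = "2025-03-21"` are unchanged, so the rating changed without any visible change to the rule itself. Every neighbouring signature-base hunk touches only `source_url` and `license_url`, which makes this the one metadata change a bulk "Update third-party rules" commit can hide. If any consumer of yara-rules-full.yar filters or weights matches by `quality`, confirm the new value is what the upstream release intends and call it out in the commit message, since a 60 to 85 jump can move this rule across a threshold and change test output.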
@@ -314324,8 +314912,8 @@ rule SIGNATURE_BASE_Suspicious_Script_Running_From_HTTP date = "2017-08-20" modified = "2025-03-21" reference = "https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35?environmentId=100" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L48-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L48-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49ead238b9153886ddbcfe37939628fd848283373e2807797d0849559ebecf6c" score = 50 quality = 85 @@ -314350,8 +314938,8 @@ rule SIGNATURE_BASE_Reconcommands_In_File : FILE date = "2017-12-11" modified = "2025-03-21" reference = "https://twitter.com/haroonmeer/status/939099379834658817" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L66-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L66-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73b4bcf76f42a6bf9c3d9dfe3f4e754ce2856e03a47cfd35388d47290209e65d" score = 40 quality = 85 
@@ -314380,8 +314968,8 @@ rule SIGNATURE_BASE_VBS_Dropper_Script_Dec17_1 : FILE date = "2018-01-01" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L88-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L88-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f3c55bd6bf382891263887e46a794329c78bff87b7685088911261fc3b3b133d" score = 80 quality = 85 @@ -314408,8 +314996,8 @@ rule SIGNATURE_BASE_SUSP_PDB_Strings_Keylogger_Backdoor : HIGHVOL FILE date = "2018-03-23" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L109-L130" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L109-L130" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a842ff8cd8be98a2e37a81706a9c594e8bf1bcc6bd3cedfe4747cd52f6044f5" score = 65 quality = 85 
@@ -314438,8 +315026,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_Copyright_String_Anomaly_2 : FILE date = "2018-05-11" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L132-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L132-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "60bc5d8d0853f474b81d2274a65977a12a481e4b669b38ae47a325eeb60d2735" score = 60 quality = 85 @@ -314462,8 +315050,8 @@ rule SIGNATURE_BASE_SUSP_LNK_File_Appdata_Roaming : FILE date = "2018-05-16" modified = "2025-03-21" reference = "https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L148-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L148-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e5c78d3fe3fcdbfb097f833fbb1e15ad1f79e63b330eaba754d8b5296b5165a" score = 50 quality = 85 
@@ -314488,8 +315076,8 @@ rule SIGNATURE_BASE_SUSP_LNK_File_Pathtraversal : FILE date = "2018-05-16" modified = "2025-03-21" reference = "https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L170-L186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L170-L186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9935c454518abe7fd4ec4f09e36e4200ec7c9f3b3ad004e9b49d60c08f508236" score = 40 quality = 85 @@ -314511,8 +315099,8 @@ rule SIGNATURE_BASE_SUSP_Script_Obfuscation_Char_Concat date = "2018-10-04" modified = "2025-03-21" reference = "https://twitter.com/JaromirHorejsi/status/1047084277920411648" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L188-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L188-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "28b648e0e1c22fefa49a937f40bd4ed09c5d3894ff059979bad69e8bc98fcac2" score = 65 quality = 85 
@@ -314534,8 +315122,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_IEX_Download_Combo date = "2018-10-04" modified = "2025-03-21" reference = "https://twitter.com/JaromirHorejsi/status/1047084277920411648" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L202-L218" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L202-L218" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a1507859354e0e0d9284befcf777c4d3883496eb96524a246a1df4f3a247aa9" score = 65 quality = 85 @@ -314560,8 +315148,8 @@ rule SIGNATURE_BASE_SUSP_Win32Dll_String : FILE date = "2018-10-24" modified = "2025-03-21" reference = "https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L220-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L220-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "514596e078483920cedf0091cd769d8462acfd39956c3ed3e12d630b02ebb7cc" score = 65 quality = 85 
@@ -314583,8 +315171,8 @@ rule SIGNATURE_BASE_SUSP_Modified_Systemexefilename_In_File : FILE date = "2018-12-11" modified = "2025-03-21" reference = "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L234-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L234-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "45c01024c4e6a3563cd27d8a78e2236d49aa795d24f322774a14b4c7289830c4" score = 65 quality = 85 @@ -314607,8 +315195,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Class_With_VBS_Content : FILE date = "2019-01-03" modified = "2025-03-20" reference = "https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L250-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L250-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf325bbb6a448f977e4e661e4296c4145de9a809c79cee8538d660ecaff76e94" score = 70 quality = 83 
@@ -314635,8 +315223,8 @@ rule SIGNATURE_BASE_SUSP_RAR_With_PDF_Script_Obfuscation : FILE date = "2019-04-06" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L277-L293" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L277-L293" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05e9fd7620a70a490548d4562c80497bcf888e493b8e1188e0a0e0c274e2a7e5" score = 65 quality = 85 @@ -314662,8 +315250,8 @@ rule SIGNATURE_BASE_SUSP_Netsh_Portproxy_Command date = "2019-04-20" modified = "2025-03-21" reference = "https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-interface-portproxy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L295-L308" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L295-L308" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dbf82a908e77886af1c31c51f5f6684015cbcb22bf28876c2e1b0dd1ea5bd2b4" score = 65 quality = 85 
@@ -314685,8 +315273,8 @@ rule SIGNATURE_BASE_SUSP_Dropperbackdoor_Keywords : FILE date = "2019-04-24" modified = "2025-03-21" reference = "https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L310-L322" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L310-L322" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e83fa95bb2b9ac821d0a00af23834495066ad2cad38ef4f4dcc81aee75415d74" score = 65 quality = 85 @@ -314708,11 +315296,11 @@ rule SIGNATURE_BASE_SUSP_SFX_Cmd : FILE date = "2018-09-27" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L324-L336" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L324-L336" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "592de6a2165396c4ae8f494e26e56d0a759903b51167b1531b791897dce66868" score = 65 - quality = 60 + quality = 85 tags = "FILE" hash1 = "965129e5d0c439df97624347534bc24168935e7a71b9ff950c86faae3baec403" 
@@ -314731,8 +315319,8 @@ rule SIGNATURE_BASE_SUSP_XMRIG_Reference : FILE date = "2019-06-20" modified = "2025-03-21" reference = "https://twitter.com/itaitevet/status/1141677424045953024" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L338-L350" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L338-L350" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c1e6f5fc390a8ada0688885bba7ed90372915deba5a5e7e5b0cd17ec450ce240" score = 70 quality = 85 @@ -314753,8 +315341,8 @@ rule SIGNATURE_BASE_SUSP_Just_EICAR : FILE date = "2019-03-24" modified = "2025-03-21" reference = "http://2016.eicar.org/85-0-Download.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L352-L365" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L352-L365" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a48fc3542fb07131fe0a2e25277009d21b9ca7c9e112873249e5b9c31511af79" score = 40 quality = 85 
@@ -314776,8 +315364,8 @@ rule SIGNATURE_BASE_SUSP_PDB_Path_Keywords : FILE date = "2019-10-04" modified = "2025-03-21" reference = "https://twitter.com/stvemillertime/status/1179832666285326337?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L367-L393" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L367-L393" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "274b4b40190b8f7e3d123fad63e2bb6b2114a3dbef062791d442109cac149b08" score = 65 quality = 85 @@ -314813,8 +315401,8 @@ rule SIGNATURE_BASE_SUSP_Disable_ETW_Jun20_1 date = "2020-06-06" modified = "2025-03-21" reference = "https://gist.github.com/Cyb3rWard0g/a4a115fd3ab518a0e593525a379adee3" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L395-L413" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L395-L413" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "182ad2512bcfbcd92d13380113b32982eb367e458019f07038a12f494dfbebb6" score = 65 quality = 85 
@@ -314841,8 +315429,8 @@ rule SIGNATURE_BASE_SUSP_PE_Discord_Attachment_Oct21_1 : FILE date = "2021-10-12" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L415-L429" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L415-L429" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4d84ec50738f4c7aca8e77c3aabdcd77f3071733a2245a58283f070f2b220599" score = 70 quality = 85 @@ -314863,8 +315451,8 @@ rule SIGNATURE_BASE_SUSP_Encoded_Discord_Attachment_Oct21_1 : FILE date = "2021-10-12" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_suspicious_strings.yar#L431-L456" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_suspicious_strings.yar#L431-L456" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1ea5a83e91b5c5b4b8a1d507c365bc1583394c97a28b7d7a576f085854676769" score = 70 quality = 85 
@@ -314893,8 +315481,8 @@ rule SIGNATURE_BASE_MAL_Qakbotloader_Export_Section_Feb23 : FILE date = "2023-02-17" modified = "2023-12-05" reference = "https://github.com/kevoreilly/CAPEv2/blob/master/LICENSE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_qbot_feb23.yar#L22-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_qbot_feb23.yar#L22-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a" logic_hash = "0e40cd6acdbfb17670b414bd6f2ecdf1ae26ddd6a5d85931973b98963a43aba8" score = 75 @@ -314918,8 +315506,8 @@ rule SIGNATURE_BASE_MAL_Payload_F5_BIG_IP_Exploitations_Jul20_1 : CVE_2020_5902 date = "2020-06-07" modified = "2023-12-05" reference = "https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_f5_bigip_expl_payloads.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_f5_bigip_expl_payloads.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a3651081bb09452d80cba9f673a7b61c8ee2f47a12fb64d975eb63867688ee3b" score = 75 quality = 85 
@@ -314947,8 +315535,8 @@ rule SIGNATURE_BASE_APT_Area1_SSF_Plugx date = "2018-12-19" modified = "2023-12-05" reference = "https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_area1_phishing_diplomacy.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_area1_phishing_diplomacy.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a71f124f0c89c4b020f21d029d0d2997b2bea71526e83bcadffb67acc9cca8f7" score = 75 quality = 85 @@ -314983,8 +315571,8 @@ rule SIGNATURE_BASE_APT_Area1_SSF_Googlesend_Strings : FILE date = "2018-12-19" modified = "2023-12-05" reference = "https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_area1_phishing_diplomacy.yar#L29-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_area1_phishing_diplomacy.yar#L29-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3a373ed63494b67883515c133bf5b0af3ab874397c7cb45c8399f12e35212be4" score = 75 quality = 85 
@@ -315011,8 +315599,8 @@ rule SIGNATURE_BASE_Neuron_Common_Strings : FILE date = "2017-11-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/turla-group-malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_neuron.yar#L9-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_neuron.yar#L9-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d1d7a96fcadc137e80ad866c838502713db9cdfe59939342b8e3beacf9c7fe29" logic_hash = "5f7a704fa0b6892b40868689c876e2f8252bb7319424212454408cbdf66f0b9f" score = 75 @@ -315044,8 +315632,8 @@ rule SIGNATURE_BASE_Nautilus_Forensic_Artificats date = "2017-11-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/turla-group-malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_neuron.yar#L98-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_neuron.yar#L98-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "17ae559a4640636f1285c7078a4366954d5a41c098419db32315e354f0ae619d" score = 60 quality = 85 
@@ -315081,8 +315669,8 @@ rule SIGNATURE_BASE_HTA_With_Wscript_Shell date = "2017-06-21" modified = "2023-12-05" reference = "https://twitter.com/msftmmpc/status/877396932758560768" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_hta_anomalies.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_hta_anomalies.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ce2728fbd3023a6b96291cdb63f30dc9b71e5fc506f8b00ad97e3062b103478" score = 80 quality = 85 @@ -315106,8 +315694,8 @@ rule SIGNATURE_BASE_HTA_Embedded date = "2017-06-21" modified = "2023-12-05" reference = "https://twitter.com/msftmmpc/status/877396932758560768" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_hta_anomalies.yar#L28-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_hta_anomalies.yar#L28-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "843f0ad5e39e5492db8ff7372f6d2038e7dbb7823ec9b33f863ab891a108b1ec" score = 50 quality = 85 
@@ -315130,8 +315718,8 @@ rule SIGNATURE_BASE_Base64_PS1_Shellcode date = "2018-11-14" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1062601684566843392" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_ps1_shellcode.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_ps1_shellcode.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fac6f41965eb2209f1552763800d6a2b172f28cd29bb7586d180654aab1e6d56" score = 65 quality = 85 @@ -315154,8 +315742,8 @@ rule SIGNATURE_BASE_MAL_Xbash_PY_Sep18 : FILE date = "2018-09-18" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_xbash.yar#L13-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_xbash.yar#L13-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d686c42e6bf440507735f846463f2df5fbf4f7bd5f5656883655a5278a1fc252" score = 75 quality = 85 
@@ -315177,8 +315765,8 @@ rule SIGNATURE_BASE_MAL_Xbash_SH_Sep18 : FILE date = "2018-09-18" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_xbash.yar#L27-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_xbash.yar#L27-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b48cbd64002025d861e2fd381be5a68efd7f6fc5fd239850c940f887e2b01673" score = 75 quality = 85 @@ -315208,8 +315796,8 @@ rule SIGNATURE_BASE_MAL_Xbash_JS_Sep18 : FILE date = "2018-09-18" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_xbash.yar#L50-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_xbash.yar#L50-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cf2f9006e0ab07f6ff1a0ce4946af34468f7c74143c853c5d77c6db725bb590a" score = 75 quality = 85 
@@ -315234,8 +315822,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Jan22_1 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_wiper_whispergate.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_wiper_whispergate.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "72eb50a70b3f2fbb232134ef4706dbb15bdb5893fe06d899bff3b7aacdfadd30" score = 85 quality = 85 @@ -315262,8 +315850,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Jan22_2 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_wiper_whispergate.yar#L25-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_wiper_whispergate.yar#L25-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87a03e95bc1c33d1b3343ec7369c516bb15791943fbb122de11867ad4bddd565" score = 90 quality = 85 
@@ -315298,8 +315886,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Stage3_Jan22 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://twitter.com/juanandres_gs/status/1482827018404257792" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_wiper_whispergate.yar#L59-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_wiper_whispergate.yar#L59-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b06536b6a6eebd5fb398ba2617bf68a5b2c4b0035766b3cd0fc03d95019891ec" score = 75 quality = 85 @@ -315322,8 +315910,8 @@ rule SIGNATURE_BASE_MAL_OBFUSC_Unknown_Jan22_1 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://twitter.com/juanandres_gs/status/1482827018404257792" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_wiper_whispergate.yar#L76-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_wiper_whispergate.yar#L76-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26a295d3b78c3a33d776a648aa0f410ac7cb5021ad9d3b294ff9629d6ba7132a" score = 75 quality = 85 
@@ -315355,8 +315943,8 @@ rule SIGNATURE_BASE_MAL_Unknown_Discord_Characteristics_Jan22_1 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_wiper_whispergate.yar#L103-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_wiper_whispergate.yar#L103-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f9cf4a15be0ab35a0d0f0c9b1a191f623f905c8fc9da651872de7c025a27a806" score = 75 quality = 85 @@ -315380,8 +315968,8 @@ rule SIGNATURE_BASE_MAL_Cryprat_Jan19_1 : FILE date = "2019-01-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_cryp_rat.yar#L3-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_cryp_rat.yar#L3-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "69f8a581bae1a2c411e09e8fe01a979645ef897038af868d8e9f2a2ce9188080" score = 90 quality = 85 
@@ -315403,8 +315991,8 @@ rule SIGNATURE_BASE_XMRIG_Monero_Miner : HIGHVOL FILE date = "2018-01-04" modified = "2022-11-10" reference = "https://github.com/xmrig/xmrig/releases" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_xmrig_monero_miner.yar#L11-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_xmrig_monero_miner.yar#L11-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "532e602dfc8e44326e381d0e2a189b60bc4d4f2b310169767b2326e01606a542" score = 75 quality = 85 @@ -315434,8 +316022,8 @@ rule SIGNATURE_BASE_XMRIG_Monero_Miner_Config : FILE date = "2018-01-04" modified = "2023-12-05" reference = "https://github.com/xmrig/xmrig/releases" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_xmrig_monero_miner.yar#L35-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_xmrig_monero_miner.yar#L35-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5df14af366cdb0a5bf6fd88b50876fd78abfe0b795cf10af8fab0d23a54f700f" score = 75 quality = 85 
@@ -315461,8 +316049,8 @@ rule SIGNATURE_BASE_PUA_LNX_XMRIG_Cryptominer : FILE date = "2018-06-28" modified = "2023-01-06" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_xmrig_monero_miner.yar#L53-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_xmrig_monero_miner.yar#L53-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "501bc5b2d38882f48d1ef972dbbd379afb89f2e7c9bf69192c7bee2e19384816" score = 75 quality = 85 @@ -315488,8 +316076,8 @@ rule SIGNATURE_BASE_SUSP_XMRIG_String : FILE date = "2018-12-28" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_xmrig_monero_miner.yar#L72-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_xmrig_monero_miner.yar#L72-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d2c3145c50939e7f407125f7b9312161724b7b1a6fcbf7e27d049e49e982c7e9" score = 65 quality = 85 
@@ -315511,8 +316099,8 @@ rule SIGNATURE_BASE_Dropper_Deploysmalwareviasideloading date = "2024-04-17" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uscert_ta17-1117a.yar#L9-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uscert_ta17-1117a.yar#L9-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51d8a0785bc25cf02460b9b7490ccba3d67806c953e6aa3d3882341ce11857fa" score = 75 quality = 85 @@ -315535,8 +316123,8 @@ rule SIGNATURE_BASE_REDLEAVES_Droppedfile_Implantloader_Starburn date = "2024-04-17" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uscert_ta17-1117a.yar#L23-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uscert_ta17-1117a.yar#L23-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ebfdaf363ac80bc9bace3056ff86efd9c1b246c6f60373a82df4a0db901a6e3" score = 75 quality = 85 
@@ -315558,8 +316146,8 @@ rule SIGNATURE_BASE_REDLEAVES_Droppedfile_Obfuscatedshellcodeandrat_Handkerchief date = "2024-04-17" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uscert_ta17-1117a.yar#L36-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uscert_ta17-1117a.yar#L36-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f91bd1ddd6691a0a5b6ebc6a28d35bb5b2e6c00754f07e58ffb01e06ad590ae3" score = 75 quality = 83 @@ -315581,8 +316169,8 @@ rule SIGNATURE_BASE_REDLEAVES_Coreimplant_Uniquestrings : FILE date = "2018-12-20" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uscert_ta17-1117a.yar#L49-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uscert_ta17-1117a.yar#L49-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ce6ab0f4007f3ea3c31442cab702ad3579faa6835d5ee9b4c03516ce0499bf3e" score = 75 quality = 81 
@@ -315606,8 +316194,8 @@ rule SIGNATURE_BASE_PLUGX_Redleaves date = "2017-04-03" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uscert_ta17-1117a.yar#L66-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uscert_ta17-1117a.yar#L66-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c52110eb18dcdb7a0d4b8c42f22368acdd1bce44a192abcd71a20bee2705475" score = 75 quality = 85 @@ -315643,8 +316231,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Local_URL : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e95e5e97760d9b565184c588fdafe8408cdab61959aee5221485df53ef5f51d6" score = 50 quality = 85 
@@ -315667,12 +316255,12 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_SMB_URL : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L21-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L21-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e0bef7497fcb284edb0c65b59d511830" logic_hash = "4903c8f4bb08e799f6787ad29cf7688f354f97a065bcd24c58d3ccd3778a6a15" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -315692,8 +316280,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Iconremote_Smborlocal : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1176241449148588032" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L61-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L61-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8c49908c7f52ebcd512ff2dc8c40392767769130b9d39abb9d5fc9e130edb65c" score = 50 quality = 85 
@@ -315716,11 +316304,11 @@ rule SIGNATURE_BASE_Methodology_Shortcut_Hotkey : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L80-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L80-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a48f7c1125218ee89f58f1517e81150038a5d71889d847e7690b13c818b32fb5" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -315740,8 +316328,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Baseurlsyntax : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L99-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L99-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4aa29bedb5689fe16c067f5ea933e56804085712c7469b138d8b658a30a7eb67" score = 50 quality = 85 
@@ -315765,8 +316353,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Iconnotfromexeordllorico : F date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1176229087196696577" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L161-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L161-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "957fe9f24d08033cf6e29d7e202e04bfb579577d3850a99e97da6b70924ae88e" score = 50 quality = 85 @@ -315790,11 +316378,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Evasion : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/DissectMalware/status/1176736510856634368" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L181-L198" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L181-L198" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c4fafae6af3ed5cc2e83e30427107d1c42cc4bc86d5c6a60e26953a11847029f" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -315814,11 +316402,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Lolcommand : FILE date = "2019-09-27" modified = "2021-02-14" reference = "https://twitter.com/ItsReallyNick/status/1176601500069576704" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L201-L219" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L201-L219" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4ac9a555e61303a173443de2a189536c8ea0fc32ee73c589dd104275c7967c57" score = 50 - quality = 85 + quality = 60 tags = "FILE" strings: @@ -315838,8 +316426,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Webdav : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176243536754282497" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L222-L239" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L222-L239" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4fec084392140245eeb25bb512f3a4631ec6be08c197ec130a907fc118161197" score = 50 quality = 60 
@@ -315862,11 +316450,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Scripturl : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L241-L259" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L241-L259" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ece0013dbc9836fa800f99a10ab46c1eb081e1c04fe45fe17be26ffac1d464e9" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -315886,8 +316474,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Workingdirremote_HTTP : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L261-L278" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L261-L278" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c7c23c1253bf089519dec5f141f486425c6804640d9bffac9ce4c986ce25d323" score = 50 quality = 85 
@@ -315910,8 +316498,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Workingdirremote_SMB : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_url_persitence.yar#L280-L297" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_url_persitence.yar#L280-L297" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d9caa64ac730d34a2dcfb3368f8302849275b6ee16fe31f20978d72382b0d73" score = 50 quality = 85 @@ -315934,8 +316522,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_A : FILE date = "2014-11-23" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L14-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L14-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1cc367dff184f2b458a2b7c0c88a44095714525ca6bb115d03e6331cf1f22116" score = 75 quality = 85 
@@ -315970,8 +316558,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_B : FILE date = "2014-11-23" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L43-L94" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L43-L94" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c2dee4f94f9eefb1c11f6e86144c6bfafc0845768200f5a839ffe3dd5d38294d" score = 75 quality = 83 @@ -316025,8 +316613,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_C : FILE date = "2014-11-23" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L96-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L96-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9454eb8b45a720fbe517caa2221fb0ceedf561902d94cabe513e921cc52fe035" score = 75 quality = 85 
@@ -316057,8 +316645,8 @@ rule SIGNATURE_BASE_Regin_Sig_Svcsstat : FILE date = "2014-11-26" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L126-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L126-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5164edc1d54f10b7cb00a266a1b52c623ab005e2" logic_hash = "2b1fdc2cc8c0aedaf749ee0e87a8853b91735a4e215c65df221a930d4b1d02f7" score = 75 @@ -316086,8 +316674,8 @@ rule SIGNATURE_BASE_Regin_Sample_1 : FILE date = "2014-11-25" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L145-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L145-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "773d7fab06807b5b1bc2d74fa80343e83593caf2" logic_hash = "e8291b4a68924dccdd825ee2cc8930acb794e92e0302598872ec78eb0bf8504f" score = 70 
@@ -316125,8 +316713,8 @@ rule SIGNATURE_BASE_Regin_Sample_2 : FILE date = "2014-11-26" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L176-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L176-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a7b285d4b896b66fce0ebfcd15db53b3a74a0400" logic_hash = "a11d03d10661c1fc094450b250056196e5d8d16bd171eba9e37c7524aa2301d2" score = 75 @@ -316164,8 +316752,8 @@ rule SIGNATURE_BASE_Regin_Sample_3 : FILE date = "2014-11-27" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L205-L230" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L205-L230" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129" logic_hash = "5a0f77f203765f7737c00c3df760ea7f3ed354559aad07f3053173ff09e1ce1a" score = 75 
@@ -316200,8 +316788,8 @@ rule SIGNATURE_BASE_Regin_Sample_Set_2 : FILE date = "2014-11-26" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L232-L264" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L232-L264" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26125cea704532cbc22df46af228299ae810bce60938bee7b067ed273158d76f" score = 75 quality = 83 @@ -316244,8 +316832,8 @@ rule SIGNATURE_BASE_Regin_Sample_Set_1 : FILE date = "2014-11-27" modified = "2023-01-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L266-L296" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L266-L296" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7402f409e7dd3180d8e6fe017af19d0a1d0dd86f85279191db1bc8f6c94951ac" score = 75 quality = 85 
@@ -316284,8 +316872,8 @@ rule SIGNATURE_BASE_Apt_Regin_Legspin : FILE date = "2023-01-27" modified = "2024-04-24" reference = "https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L298-L319" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L298-L319" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "29105f46e4d33f66fee346cfd099d1cc" logic_hash = "1b026f475fdbb3c97f33895520844fa4944eb2fffc0883502a6cb79162bbd388" score = 75 @@ -316316,8 +316904,8 @@ rule SIGNATURE_BASE_Apt_Regin_Hopscotch : FILE date = "2023-01-27" modified = "2024-04-24" reference = "https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L321-L342" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L321-L342" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6c34031d7a5fc2b091b623981a8ae61c" logic_hash = "33b5fa61aaa802a60f3d42d59eb474222841a8a557b06b23a9e325e922e2cec1" score = 75 
@@ -316347,8 +316935,8 @@ rule SIGNATURE_BASE_Regin_Related_Malware date = "2015-06-03" modified = "2024-04-24" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/spy_regin_fiveeyes.yar#L344-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/spy_regin_fiveeyes.yar#L344-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "76c355bfeb859a347e38da89e3d30a6ff1f94229" logic_hash = "61ce7a69ab357740158e355455362a4f5fddc67ee60af120733f509e7407216f" score = 70 @@ -316379,8 +316967,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Embedded_Mar21_1 : FILE date = "2021-03-05" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4a8b4cea6f53dad9771cb694ec55f305f04dfdbd8e663154cad672ca414c138c" score = 85 quality = 85 
@@ -316403,8 +316991,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_HAFNIUM_Secchecker_Mar21_1 : FILE date = "2021-03-05" modified = "2023-12-05" reference = "https://twitter.com/markus_neis/status/1367794681237667840" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L18-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L18-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e0e4df860bdde7d5c277f596535c493d926095be6f46f6ba41b6177afbfc5cd9" score = 75 quality = 85 @@ -316427,8 +317015,8 @@ rule SIGNATURE_BASE_APT_HAFNIUM_Forensic_Artefacts_Mar21_1 date = "2021-03-02" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L35-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L35-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb86595956092506c2e29373faaf39a3987f9feed36a53b191bedd498db05cbb" score = 75 quality = 85 
@@ -316451,8 +317039,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_HAFNIUM_Chopper_Webshell : APT HAFNIUM WEBSHELL date = "2021-03-05" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L50-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L50-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c185a8da2a18fa59a8eeb36dbd95ba12c9c61717efc5f2d19d2d5b27ee243f2b" score = 75 quality = 85 @@ -316476,8 +317064,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_Tiny_Webshell : APT HAFNIUM WEBSHELL FILE date = "2021-03-05" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L67-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L67-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "099c8625c58b315b6c11f5baeb859f4c" logic_hash = "9309f9b57353b6fe292048d00794699a8637a3e6e429c562fb36c7e459003a3b" score = 75 
@@ -316501,8 +317089,8 @@ rule SIGNATURE_BASE_HKTL_PS1_Powercat_Mar21 : FILE date = "2021-03-02" modified = "2023-12-05" reference = "https://github.com/besimorhino/powercat" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L84-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L84-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbd5c6f7c5b4ed713482588ee4490a2326fe11cfaacfb3bfc6a6d94130a8bc83" score = 75 quality = 85 @@ -316528,8 +317116,8 @@ rule SIGNATURE_BASE_HKTL_Nishang_PS1_Invoke_Powershelltcponeline date = "2021-03-03" modified = "2023-12-05" reference = "https://github.com/samratashok/nishang/blob/master/Shells/Invoke-PowerShellTcpOneLine.ps1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L105-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L105-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "59622bff95de1077d26ee4547f37cd1045c0c1fc6817df40ff2564b33a962a07" score = 75 quality = 85 
@@ -316553,8 +317141,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Simpleseesharp : WEBSHELL UNCLASSIFIED FILE date = "2021-03-01" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L121-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L121-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "893cd3583b49cb706b3e55ecb2ed0757b977a21f5c72e041392d1256f31166e2" logic_hash = "6f62249a68bae94e5cbdb4319ea5cde9dc071ec7a4760df3aafe78bc1e072c30" score = 75 @@ -316577,8 +317165,8 @@ rule SIGNATURE_BASE_WEBSHELL_CVE_2021_27065_Webshells : CVE_2021_27065 FILE date = "2021-03-05" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L182-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L182-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71795ba67bc8a4cea06b93da34b6291029ff74b200e37eb66f6ac51a6ff194cd" score = 75 quality = 61 
@@ -316606,8 +317194,8 @@ rule SIGNATURE_BASE_APT_MAL_ASPX_HAFNIUM_Chopper_Mar21_3 : FILE date = "2021-03-07" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L202-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L202-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "391b366d78c2f24dc006a5365ec232a9a3c2fe0ea514b18897701ceeffcc81ca" score = 85 quality = 85 @@ -316629,8 +317217,8 @@ rule SIGNATURE_BASE_APT_MAL_ASPX_HAFNIUM_Chopper_Mar21_4 : FILE date = "2021-03-07" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L218-L233" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L218-L233" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "933ab74a0e30e2a728444d491c9eb0ff134db05d905aeb48efe3ba65674a3730" score = 85 quality = 79 
@@ -316653,8 +317241,8 @@ rule SIGNATURE_BASE_APT_HAFNIUM_Forensicartefacts_WER_Mar21_1 : CVE_2021_26857 F date = "2021-03-07" modified = "2023-12-05" reference = "https://twitter.com/cyb3rops/status/1368471533048446976" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L235-L250" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L235-L250" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2e135cb47f9fb5ca19ee1058fa6b4f39c098d2dfbab69bc19e80412ab695f126" score = 40 quality = 85 @@ -316676,8 +317264,8 @@ rule SIGNATURE_BASE_APT_HAFNIUM_Forensicartefacts_Cab_Recon_Mar21_1 : FILE date = "2021-03-11" modified = "2023-12-05" reference = "https://discuss.elastic.co/t/detection-and-response-for-hafnium-activity/266289/3?u=dstepanic" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L252-L273" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L252-L273" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "de3acb2d01ad14d73263af9e62ef7c715cde259e3f2fbbcbbb41d55589c3f0ab" score = 70 quality = 85 
@@ -316701,8 +317289,8 @@ rule SIGNATURE_BASE_WEBSHELL_Compiled_Webshell_Mar2021_1 : FILE date = "2021-03-05" modified = "2021-03-12" reference = "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L275-L295" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L275-L295" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d2e5f91f7bb50984c491eb9632d3863febc986760e4d03c8255872887ce4dc4a" score = 75 quality = 56 @@ -316731,8 +317319,8 @@ rule SIGNATURE_BASE_APT_MAL_ASP_DLL_HAFNIUM_Mar21_1 : FILE date = "2021-03-05" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L297-L325" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L297-L325" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4a3f9c7029e67647823a13079655b24648f5e4a7e238439b7a933b19477c20c" score = 65 quality = 85 
@@ -316765,8 +317353,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Fileexplorer_Mar21_1 : FILE date = "2021-03-31" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L363-L397" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L363-L397" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7b4ffd222b38e76455fff2650b72bdcaff281323103f342b427013cd3fffdc21" score = 80 quality = 85 @@ -316806,8 +317394,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Chopper_Like_Mar21_1 : FILE date = "2021-03-31" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hafnium.yar#L399-L416" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hafnium.yar#L399-L416" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "baa9eb1e3c4ac5ce49d27b1c3f75c8b6590567e25d98761a8b704478f2cee970" score = 85 quality = 85 
@@ -316833,8 +317421,8 @@ rule SIGNATURE_BASE_Silence_Malware_1 : FILE date = "2017-11-01" modified = "2023-12-05" reference = "https://securelist.com/the-silence/83009/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_silence.yar#L13-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_silence.yar#L13-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b88795268c080fe19f7e185d1542b520616fe6c00bae23a99981aa1ee8abacb3" score = 75 quality = 85 @@ -316865,8 +317453,8 @@ rule SIGNATURE_BASE_Silence_Malware_2 : FILE date = "2017-11-01" modified = "2023-12-05" reference = "https://securelist.com/the-silence/83009/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_silence.yar#L40-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_silence.yar#L40-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8cb6320eac984b7a332c1c84582a7ca7e90d409e518106c4e7655948f6863889" score = 75 quality = 85 
@@ -316896,11 +317484,11 @@ rule SIGNATURE_BASE_SUSP_ENV_Folder_Root_File_Jan23_1 : SCRIPT FILE date = "2023-01-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_indicators.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_indicators.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5355ae567e6255e22f566bae9fe50f4995bafba07c261461d37d5b8ba200d33a" score = 70 - quality = 58 + quality = 83 tags = "SCRIPT, FILE" strings: @@ -316922,8 +317510,8 @@ rule SIGNATURE_BASE_ATM_Malware_XFSADM_1 : FILE date = "2019-06-21" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1149043362244308992" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_atm_xfsadm.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_atm_xfsadm.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f2c1761407c5e499be43e546badd27428821f828a470fd3e3dcddd08db04aaa5" score = 75 quality = 85 
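Review bot: in the SIGNATURE_BASE_SUSP_ENV_Folder_Root_File_Jan23_1 hunk, `quality` goes from 58 to 83 while `logic_hash`, `modified = "2023-12-05"` and the `#L3-L22` line range all stay the same, so the diff shows a score change with no visible change to the rule to explain it. Every other hunk in this stretch only swaps the pinned signature-base commit in `source_url` and `license_url`. Please confirm the new value comes from the upstream rule-set scoring and not from a local edit, and mention it in the commit message. A 25-point jump can move the rule across any quality threshold used to select which third-party rules are loaded.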
@@ -316955,8 +317543,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Kobalos : FILE date = "2020-11-02" modified = "2023-12-05" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lnx_kobalos.yar#L32-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lnx_kobalos.yar#L32-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "48aec47b70633d4c8cb55d90a2e168f3c2027ef27cfe1cd5d30dcdc08a2ff717" score = 75 quality = 85 @@ -316987,8 +317575,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Kobalos_SSH_Credential_Stealer : FILE date = "2020-11-02" modified = "2023-12-05" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lnx_kobalos.yar#L59-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lnx_kobalos.yar#L59-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fdabaea0c838e43b8716bcd102bdeebf2f08fc041b0b909333e3d9d6f94391fc" score = 75 quality = 85 
@@ -317012,8 +317600,8 @@ rule SIGNATURE_BASE_MAL_Neshta_Generic : HIGHVOL FILE date = "2018-01-15" modified = "2021-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_netsha.yar#L3-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_netsha.yar#L3-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "acac6f81900c60a0aacea6345a7c03a0b77dd86d5ca7ca3d102668c49595bb6b" score = 75 quality = 85 @@ -317046,8 +317634,8 @@ rule SIGNATURE_BASE_HKTL_Buckeye_Osinfo : FILE date = "2016-09-05" modified = "2025-03-19" reference = "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_buckeye.yar#L10-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_buckeye.yar#L10-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "782ae4293db0839190a9533d2c45baff92527867bfcd048ccae82611f165601b" score = 70 quality = 85 
@@ -317075,8 +317663,8 @@ rule SIGNATURE_BASE_HKTL_Remotecmd : FILE date = "2016-09-08" modified = "2022-12-21" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_buckeye.yar#L31-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_buckeye.yar#L31-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "873cc02674e386577e86cb9b702265c25dd24b1f203741e8628e30c191dc99e0" score = 70 quality = 85 @@ -317104,8 +317692,8 @@ rule SIGNATURE_BASE_HKTL_Chromepass : FILE date = "2016-09-08" modified = "2025-03-10" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_buckeye.yar#L53-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_buckeye.yar#L53-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bda90d2718be5cf9ddb95b88171c937c5fad5729aa1717a13a34a8b48dd1865c" score = 75 quality = 85 
@@ -317136,8 +317724,8 @@ rule SIGNATURE_BASE_Waterbear_1_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L11-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L11-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f1d5bd0c9f85dd90217bdbd7e44100bcfbf77839f83416ad17121713c189b9fd" score = 75 quality = 85 @@ -317161,8 +317749,8 @@ rule SIGNATURE_BASE_Waterbear_2_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L27-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L27-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec0b8d7313f925adafb7f03c8b7fd12c0176b75c74c642eeee900e911e0662a7" score = 75 quality = 85 
@@ -317188,8 +317776,8 @@ rule SIGNATURE_BASE_Waterbear_4_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L45-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L45-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46c43dbdcbc183995a8cd00c9888afcdd3adb9f3caf38ed42a0af1e7df39715f" score = 75 quality = 85 @@ -317221,8 +317809,8 @@ rule SIGNATURE_BASE_Waterbear_5_Jun17 : FILE date = "2017-06-23" modified = "2023-01-07" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L70-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L70-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a1572db08242fffadedbfb89f3652b2eb93c910f3b61f9db0622bc18d069827c" score = 75 quality = 85 
@@ -317250,8 +317838,8 @@ rule SIGNATURE_BASE_Waterbear_6_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L92-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L92-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "af5c2a29e0a62c54e706492ae85b9786a6d9e5f42fe4d9c43693576e1a63b825" score = 75 quality = 85 @@ -317275,8 +317863,8 @@ rule SIGNATURE_BASE_Waterbear_7_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L108-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L108-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6a760abca78e799b194864ad56457ccb0b05123307da6bfcad0c66da47f485a1" score = 75 quality = 85 
@@ -317303,8 +317891,8 @@ rule SIGNATURE_BASE_Waterbear_8_Jun17 : FILE date = "2017-06-23" modified = "2023-01-07" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L127-L145" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L127-L145" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b1dfe486ea141342f253963ce6cc1e73d063ce880cf2fcee1aaa6aa6e919349" score = 75 quality = 85 @@ -317331,8 +317919,8 @@ rule SIGNATURE_BASE_Waterbear_9_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L147-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L147-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b54f3032b31c5a48e879e49bd97adf3222db46a7789afc4ea2f5eca32536a2e4" score = 75 quality = 85 
@@ -317359,8 +317947,8 @@ rule SIGNATURE_BASE_Waterbear_10_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L168-L182" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L168-L182" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1e71a317f782b73c876f0cb5fee25b69d8f1c45c20c58e4f204b7aeb7484cf14" score = 75 quality = 85 @@ -317384,8 +317972,8 @@ rule SIGNATURE_BASE_Waterbear_11_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L185-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L185-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ea61c348847614ad2872bfd385f433c5a30c7f6b5f5a2f135a7d83c553157ccd" score = 75 quality = 85 
@@ -317411,8 +317999,8 @@ rule SIGNATURE_BASE_Waterbear_12_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L203-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L203-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "343e6f36190372cd5599a84834edc3935d27a1e01aeab53c5765598b5b4071fe" score = 75 quality = 85 @@ -317436,8 +318024,8 @@ rule SIGNATURE_BASE_Waterbear_13_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L219-L243" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L219-L243" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b34c3d643309b8bbaa122a753e7f58dd9340cfa33962dbab1454c8080afd1664" score = 75 quality = 85 
@@ -317471,8 +318059,8 @@ rule SIGNATURE_BASE_Waterbear_14_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_waterbear.yar#L245-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_waterbear.yar#L245-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ebe46590556e8eba2eef1c007549f6141c917bab97d46a0d58eca56257e24e2" score = 75 quality = 85 @@ -317498,8 +318086,8 @@ rule SIGNATURE_BASE_APT_MAL_HP_Ilo_Firmware_Dec21_1 : FILE date = "2021-12-28" modified = "2023-12-05" reference = "https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_mal_ilo_board_elf.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_mal_ilo_board_elf.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e959d07d864a485b8cc7765f9e12869ff34747ab552e26244eb28f510d1051f" score = 80 quality = 85 
@@ -317523,8 +318111,8 @@ rule SIGNATURE_BASE_Scanbox_Malware_Generic date = "2015-02-28" modified = "2023-12-05" reference = "http://goo.gl/WXUQcP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_scanbox_deeppanda.yar#L2-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_scanbox_deeppanda.yar#L2-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5f521d3f000fb39e5e3b08657e75219e93fb3bb8ffbbdbd70f471928a56bef27" score = 75 quality = 85 @@ -317557,8 +318145,8 @@ rule SIGNATURE_BASE_Apt_Win32_Dll_Rat_1A53B0Cp32E46G0Qio7 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_inocnation.yar#L1-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_inocnation.yar#L1-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "824997d8c8845838420f226b60de544f33a50327fa67aea472de6eaf1b6b4492" score = 75 quality = 85 
@@ -317590,8 +318178,8 @@ rule SIGNATURE_BASE_Oilrig_Strings_Oct17 : FILE date = "2017-10-18" modified = "2022-12-21" reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_oct17.yar#L11-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_oct17.yar#L11-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3987fa1ccb215edeb0d36c947fd6d7a24847ea854d3f355d1aef4b000f55e710" score = 75 quality = 85 @@ -317617,8 +318205,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples1 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/JQVfFP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_oct17.yar#L42-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_oct17.yar#L42-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d7e659440e3abc7355f2e21ea8f63cfb7b17b5715e4575bdccf9d646ed47db20" score = 75 quality = 85 
@@ -317647,8 +318235,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples2 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/JQVfFP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_oct17.yar#L63-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_oct17.yar#L63-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad00c7293f61f1b5528c3eea0dc32c10d40aeacc194be84a7f64d19b069f1add" score = 75 quality = 85 @@ -317677,8 +318265,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples3 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/JQVfFP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_oct17.yar#L84-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_oct17.yar#L84-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4984cf33e7b0e0dae264ed11caae6cfab9db2a6047a46ec41c28b5637b4589b" score = 75 quality = 81 
@@ -317715,8 +318303,8 @@ rule SIGNATURE_BASE_Shellcode_Apihashing_FIN8_1 date = "2021-03-16" modified = "2023-12-05" reference = "https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fin8.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fin8.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d47119a588aa69b3e241618d6dbb9df6117a6751bbff39a1f95340bc26611a7" score = 75 quality = 85 @@ -317741,8 +318329,8 @@ rule SIGNATURE_BASE_PUP_Installrex_Antifwb : FILE date = "2015-05-13" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_antifw_installrex.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_antifw_installrex.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bb5607cd2ee51f039f60e32cf7edc4e21a2d95cd" logic_hash = "04f25497ee9a9af20179b81679d993315d6bb3d7bf7d8e9cbb01374395019610" score = 55 
@@ -317769,8 +318357,8 @@ rule SIGNATURE_BASE_MAL_Katz_Stealer_May25 : FILE date = "2025-05-16" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_katz_stealer.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_katz_stealer.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fdc86a5b3d7df37a72c3272836f743747c47bfbc538f05af9ecf78547fa2e789" hash = "d92bb6e47cb0a0bdbb51403528ccfe643a9329476af53b5a729f04a4d2139647" logic_hash = "73364c2291dc792f46858dda057f08805db55fe1f1e54d6b0dee0a0c8a412259" @@ -317798,8 +318386,8 @@ rule SIGNATURE_BASE_MAL_DLL_Chrome_App_Bound_Encryption_Decryption_May25 : FILE date = "2025-05-19" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_katz_stealer.yar#L23-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_katz_stealer.yar#L23-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6dc8e99da68b703e86fa90a8794add87614f254f804a8d5d65927e0676107a9d" logic_hash = "d5488728a3ee8f2f59ed9798b80d516f7f131e39b3d5099ad5168ffc8ff22718" score = 80 
@@ -317824,8 +318412,8 @@ rule SIGNATURE_BASE_SUSP_Katz_Log_May25 : FILE date = "2025-05-20" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_katz_stealer.yar#L43-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_katz_stealer.yar#L43-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1ac196ac6393d786618c944a7ab77fb189a6b4ba00af5c0f987c3dc65876c060" hash = "ad76e2727469525dec7e56977589dd250ca57a29b8b0d42cd5c42e536c285241" hash = "e1a0d6929662bcbc9e5e0827cb8b6d7818088e996cf971d2a4a1c1ca4208e533" @@ -317854,8 +318442,8 @@ rule SIGNATURE_BASE_MAL_NET_Katz_Stealer_Loader_May25 date = "2025-05-21" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_katz_stealer.yar#L65-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_katz_stealer.yar#L65-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7" logic_hash = "1922520d8c34660a0afff2f552ef0d1c6ec093fb10a00816e0216f574b686221" score = 80 
@@ -317883,8 +318471,8 @@ rule SIGNATURE_BASE_MAL_NET_UAC_Bypass_May25 : FILE date = "2025-05-21" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_katz_stealer.yar#L86-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_katz_stealer.yar#L86-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4f12c5dca2099492d0c0cd22edef841cbe8360af9be2d8e9b57c2f83d401c1a7" hash = "fcad234dc2ad5e2d8215bcf6caac29aef62666c34564e723fa6d2eee8b6468ed" logic_hash = "4a3f6e90af6f9a8a4dfa8e336eb8c714e5f02625ca2bf5bf8b1bca9cbda6a99e" @@ -317909,8 +318497,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_COVID19_Apr20_1 : FILE date = "2020-04-15" modified = "2023-12-05" reference = "https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_covid_ransom.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_covid_ransom.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b32ce1dff9d27c5f7541de97cd1198b0d837a69ee260b327c66a22ca6f30091" score = 75 quality = 85 
@@ -317935,8 +318523,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Suspicious_Hex_String_Jun21_1 : CRIME PE FILE date = "2021-06-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_crime_unknown.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_crime_unknown.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73144b14f3aa1a1d82df7710fa47049426bfbddeef75e85c8a0a559ad6ed05a3" score = 65 quality = 85 @@ -317962,8 +318550,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Unknown_LNK_Jun21_1 : LNK POWERSHELL FILE date = "2021-06-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_crime_unknown.yar#L18-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_crime_unknown.yar#L18-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "460e764cbd9fbfa1a2156059d0042a0bea5a939d501050a733a789d236015d37" score = 75 quality = 85 
@@ -317989,8 +318577,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Unknown_ISO_Jun21_1 : ISO POWERSHELL LNK FILE date = "2021-06-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_crime_unknown.yar#L35-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_crime_unknown.yar#L35-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49b61f498d3f4ee249d9687277e581a39e08ebb4e1a293170058fb5f770bde1f" score = 75 quality = 85 @@ -318016,8 +318604,8 @@ rule SIGNATURE_BASE_ATM_Malware_Xfscashncr_1 : FILE date = "2019-08-28" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1166773324548063232" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_atm_xfscashncr.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_atm_xfscashncr.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "014d07115543c6e041649a1c57206a75fd555bf0458c7578a33c81b473c72751" score = 75 quality = 85 
@@ -318046,8 +318634,8 @@ rule SIGNATURE_BASE_Apt_Sofacy_Xtunnel : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_xtunnel_bundestag.yar#L3-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_xtunnel_bundestag.yar#L3-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2478d9d8996bf4a142e39eac0e2d6af718d364be080a89530812615595777efd" score = 75 quality = 85 @@ -318083,8 +318671,8 @@ rule SIGNATURE_BASE_Winexe_Remoteexec : FILE date = "2015-06-19" modified = "2021-02-11" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_xtunnel_bundestag.yar#L26-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_xtunnel_bundestag.yar#L26-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9e944f07b43b934346c0e88685014c05ff81561ac2f7c3374b55b9c4523b98c1" score = 70 quality = 85 
@@ -318111,8 +318699,8 @@ rule SIGNATURE_BASE_Sofacy_Mal2 : FILE date = "2015-06-19" modified = "2023-12-05" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_xtunnel_bundestag.yar#L50-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_xtunnel_bundestag.yar#L50-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092" logic_hash = "c325ed815b7de3338363d064f4097edf0596644d4ef8d642fda3664a2a16c2eb" score = 70 @@ -318137,8 +318725,8 @@ rule SIGNATURE_BASE_Sofacy_Mal3 : FILE date = "2015-06-19" modified = "2023-01-06" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_xtunnel_bundestag.yar#L69-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_xtunnel_bundestag.yar#L69-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1" logic_hash = "80c433cf5b3d042e46b5441a1b027c5ecf571f30571064904a33e92677633e66" score = 70 
@@ -318172,8 +318760,8 @@ rule SIGNATURE_BASE_Sofacy_Bundestag_Batch : FILE date = "2015-06-19" modified = "2023-12-05" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_xtunnel_bundestag.yar#L101-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_xtunnel_bundestag.yar#L101-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "05d6df161042a65f9eeec4be4046001a03fa61747a9ea123f13e6e75d6664ac7" score = 70 quality = 85 @@ -318197,8 +318785,8 @@ rule SIGNATURE_BASE_COZY_FANCY_BEAR_Hunt : FILE date = "2016-06-14" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fancybear_dnc.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fancybear_dnc.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9009f181eeecce0ae322ba24335426399cf4484dfc9b7ea6905fb163b4bf0a25" score = 75 quality = 85 
@@ -318226,8 +318814,8 @@ rule SIGNATURE_BASE_COZY_FANCY_BEAR_Pagemgr_Hunt : FILE date = "2016-06-14" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fancybear_dnc.yar#L30-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fancybear_dnc.yar#L30-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c6055b7cd04b994c80395276e83bec664b7dd32f8093411bfde0850cca39e9f7" score = 75 quality = 85 @@ -318249,8 +318837,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_INC_Aug24 : FILE date = "2024-08-08" modified = "2024-12-12" reference = "https://twitter.com/rivitna2/status/1701739812733014313" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_inc_ransomware.yar#L1-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_inc_ransomware.yar#L1-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "335b92027c551d074015b830d137cf2fdee81d792cd7360f2499c83cc895fbbb" score = 80 quality = 85 
@@ -318282,8 +318870,8 @@ rule SIGNATURE_BASE_Sofacy_Oct17_1 : FILE date = "2017-10-23" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_oct17_camp.yar#L13-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_oct17_camp.yar#L13-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c3620d0b347e6cc54af9e046f6b3b6515bfa23dd11225ce2720e09838708a42e" score = 75 quality = 85 @@ -318319,8 +318907,8 @@ rule SIGNATURE_BASE_Sofacy_Oct17_2 : FILE date = "2017-10-23" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_oct17_camp.yar#L49-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_oct17_camp.yar#L49-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c2736cf9efbb022590f4c23986531e645ac412a5b98a950b143f2d75a33e8063" score = 75 quality = 85 
@@ -318347,8 +318935,8 @@ rule SIGNATURE_BASE_MAL_RTF_Embedded_OLE_PE : FILE date = "2018-01-22" modified = "2023-11-25" reference = "https://www.nextron-systems.com/2018/01/22/creating-yara-rules-detect-embedded-exe-files-ole-objects/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_strings_in_ole.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_strings_in_ole.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "054abb34ae84e02469d726809a6d8aa582ebad65dd8385de7800d3f5db7ee31c" score = 65 quality = 85 @@ -318375,8 +318963,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Auct_Dez16_Strings : FILE date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L11-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L11-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c632d90c5b26b840b267647faf453f85496b78c900910ad22896698c553c949" score = 60 quality = 60 
@@ -318443,8 +319031,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Violetspirit date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L73-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L73-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "01a45feb5c9f9cfe8834306993c53b1e53d79b89b07106ffec0c81cdebb8b71c" score = 75 quality = 85 @@ -318467,8 +319055,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gr_Gr date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L88-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L88-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "facce45a335d7ca799d68fc26ee2bf5682cec0914502482189cd6aa496cba489" score = 75 quality = 85 
@@ -318491,8 +319079,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Yellowspirit date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L103-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L103-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "698b23cc4cc6f319ddef7a93cf7ddc83ffae1d2c2b0a9545011b51e381f8cd0c" score = 75 quality = 85 @@ -318516,8 +319104,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Eleganteagle_Opscript_1_0_0 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L119-L132" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L119-L132" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3df5ba1a497ffe5306ed7966f25f69c30a5191e935c5638869a62b3cb2324f70" score = 75 quality = 85 
@@ -318540,8 +319128,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Opscript date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L134-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L134-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "23dd6d537a8639bd84ede141cca577dc91328bd293f96f865c7dedd9ef693ee3" score = 75 quality = 85 @@ -318564,8 +319152,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Shentysdelight date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L149-L162" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L149-L162" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1acfb6aea7e208b7fd52325258219c162482deb4fa7ee87ddc4de0774e3e74f4" score = 75 quality = 85 
@@ -318588,8 +319176,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Epichero date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L164-L178" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L164-L178" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36dc38f2dd630f22b87e8d9130de7d40ee3cdba45597b2b667a1a9536d990aad" score = 75 quality = 85 @@ -318613,8 +319201,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L180-L193" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L180-L193" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8135c07b8c217e81f7618d58c9c3da6585cdb9b8f7afab85bb6556c5b846ba64" score = 75 quality = 85 
@@ -318637,8 +319225,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Dubmoat date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L195-L209" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L195-L209" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "368c0a6a1db0003e3a2e4ec5e42a5b5563ea1c2cb89db1751226891e1f7181d8" score = 75 quality = 85 @@ -318662,8 +319250,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Strifeworld date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L211-L225" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L211-L225" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2b113b042fd62109ee3ee39515fbd22f3898abf320d75f1288ea88e40b3444c0" score = 75 quality = 85 
@@ -318687,8 +319275,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Pork date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L227-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L227-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c3f9f90f83f3672b101e52f36012c485c29840cf0b2ced00087fb27725fd1545" score = 75 quality = 85 @@ -318713,8 +319301,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Ebbisland date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L244-L258" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L244-L258" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a45ea3cd6aeea9299ef67ae82c9f4bf929a961695e7cce344aa1737fa4c07b0" score = 75 quality = 85 
@@ -318738,8 +319326,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Stoicsurgeon date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L260-L273" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L260-L273" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "322599ba7d5536b7f0856980a6caab86de66c02da75bf55e97bf129d08c43031" score = 75 quality = 85 @@ -318762,8 +319350,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Elgingamble date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L275-L288" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L275-L288" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2f4dd668c59244e92ebfe0e2fc2859b2376cf1dd6fc6522e8f452787aa96365f" score = 75 quality = 85 
@@ -318786,8 +319374,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_README_Cup date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L290-L304" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L290-L304" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bd05a23ce29be88c1a459358c984e1317cf56d21e5b378624af644fb2b41931d" score = 75 quality = 85 @@ -318811,8 +319399,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Nopen_Oneshot date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L306-L319" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L306-L319" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "19aa32aafaaccc6697bbaff642d996554eccf2261d23071cfb8599ea0eea628b" score = 75 quality = 85 
@@ -318835,8 +319423,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Earlyshovel date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L321-L334" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L321-L334" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "396810b439ac53f393ad37a8acbd7236f8325730c75c1a6339e4c6343ecade7a" score = 75 quality = 85 @@ -318859,8 +319447,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Envisioncollision date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L336-L352" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L336-L352" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36b2a20ef3a6540a686d7f52c8c885842fd84ba7c7daa74c21e241e25826030e" score = 75 quality = 85 
@@ -318886,8 +319474,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme1 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L356-L372" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L356-L372" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "171d3df191e5c9ae4a4afc3a878cc25548238046b8c4c52dbb9ca4431aae45b0" score = 75 quality = 85 @@ -318913,8 +319501,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme2 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L374-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L374-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb68c415d64d1db3d4bb0f4ad994bd050cb2287e4dc7b3ac57549f818a7914d8" score = 75 quality = 85 
@@ -318939,8 +319527,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme3 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L391-L411" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L391-L411" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "968ec80f26750ac734ad9e296b5afb35867f6c53de1e88f7c8af78daeac24b61" score = 75 quality = 85 @@ -318970,8 +319558,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme4 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fvey_shadowbroker_dec16.yar#L413-L429" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fvey_shadowbroker_dec16.yar#L413-L429" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c19c77d7e7e26e01a9a50fd67cc0a7fd05069def878bf18726c3e115df307cb2" score = 75 quality = 85 
@@ -318997,8 +319585,8 @@ rule SIGNATURE_BASE_HKTL_NFS_Fuse_NFS date = "2024-10-22" modified = "2025-03-20" reference = "https://github.com/hvs-consulting/nfs-security-tooling" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/hktl_HvS_nfs_security_tooling.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/hktl_HvS_nfs_security_tooling.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0bd3714b865d77660404e5f3ed1e9c7b55aadc6f58d16761111be57597784686" score = 75 quality = 85 @@ -319027,8 +319615,8 @@ rule SIGNATURE_BASE_HKTL_NFS_NFS_Analyze date = "2024-10-22" modified = "2025-03-20" reference = "https://github.com/hvs-consulting/nfs-security-tooling" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/hktl_HvS_nfs_security_tooling.yar#L26-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/hktl_HvS_nfs_security_tooling.yar#L26-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "83a9e5b5b404bf28b0334611fe4f38227212783cecea3c9996d23cb00cad42ed" score = 75 quality = 85 
@@ -319061,8 +319649,8 @@ rule SIGNATURE_BASE_FIN7_Dropper_Aug17 : FILE date = "2017-08-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fin7_backdoor.yar#L12-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fin7_backdoor.yar#L12-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "610b7288e08d36858de88abac3a86dcb6ebba1c019e17fb716f5c26aa964903b" score = 75 quality = 60 @@ -319091,8 +319679,8 @@ rule SIGNATURE_BASE_FIN7_Backdoor_Aug17 : FILE date = "2017-08-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fin7_backdoor.yar#L34-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fin7_backdoor.yar#L34-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "76818317c543c1464898463741ddaf8c6368d0f5004c088a323c4323db49060c" score = 75 quality = 85 
@@ -319131,8 +319719,8 @@ rule SIGNATURE_BASE_Aptgroupx_Plugxtrojanloader_Stringdecode date = "2023-12-05" modified = "2023-12-05" reference = "https://t.co/4xQ8G2mNap" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_plugx.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_plugx.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e5ab15b035bb0169864e687e5c26732dd5b8f5f184473a33e685f53699ce4acc" score = 80 quality = 85 @@ -319176,8 +319764,8 @@ rule SIGNATURE_BASE_Powershell_Suite_Hacktools_Gen_Strings : FILE date = "2017-12-27" modified = "2023-12-05" reference = "https://github.com/FuzzySecurity/PowerShell-Suite" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_suite.yar#L2-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_suite.yar#L2-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f14a0665c60e85c0cf508f46130b09e467a16270fcd1aa8d0319e17778d4d75" score = 75 quality = 83 
@@ -319231,8 +319819,8 @@ rule SIGNATURE_BASE_Powershell_Suite_Eidolon : FILE date = "2017-12-27" modified = "2023-12-05" reference = "https://github.com/FuzzySecurity/PowerShell-Suite" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_suite.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_suite.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "587a9a8569801e2aa96a6f171705fdc1db5632734b54e5a9eb8282502e1efc63" score = 75 quality = 85 @@ -319258,8 +319846,8 @@ rule SIGNATURE_BASE_WEBSHELL_Z_Webshell_2 : FILE modified = "2023-12-05" old_rule_name = "z_webshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta18_074A.yar#L9-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta18_074A.yar#L9-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2c9095c965a55efc46e16b86f9b7d6c6" logic_hash = "d41aa107e54af5d45531a46d24b24f9f14635dbcb50ed26f7c787883854f961f" score = 75 
@@ -319282,8 +319870,8 @@ rule SIGNATURE_BASE_TA18_074A_Screen : FILE date = "2018-03-16" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA18-074A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta18_074A.yar#L34-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta18_074A.yar#L34-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e96f70e3d9c7ff5812724111788365c47e2b478a35b39771c12a3d3636a6a020" score = 75 quality = 85 @@ -319310,8 +319898,8 @@ rule SIGNATURE_BASE_TA18_074A_Scripts : FILE date = "2018-03-16" modified = "2022-08-18" reference = "https://www.us-cert.gov/ncas/alerts/TA18-074A" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta18_074A.yar#L53-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta18_074A.yar#L53-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "888ddd59b388033604474fc008f830159a9a104683fb052e7497b83118cbb8aa" score = 75 quality = 85 
@@ -319334,8 +319922,8 @@ rule SIGNATURE_BASE_Git_CVE_2017_9800_Poc : CVE_2017_9800 FILE date = "2017-08-11" modified = "2023-12-05" reference = "https://twitter.com/mzbat/status/895811803325898753" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2017_9800.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2017_9800.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1cfd0c5cb255d3ca63917c41c092df70d68b04f5d210a66abd5e35e509ff4beb" score = 60 quality = 85 @@ -319359,8 +319947,8 @@ rule SIGNATURE_BASE_APT6_Malware_Sample_Gen : FILE date = "2016-04-09" modified = "2023-01-06" reference = "https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt6_malware.yar#L8-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt6_malware.yar#L8-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "614a6673579630fc254d3c546161647e619df5a03ee6f21434d6cc50be1ed187" score = 80 quality = 83 
@@ -319406,8 +319994,8 @@ rule SIGNATURE_BASE_VULN_LNX_OMI_RCE_CVE_2021_386471_Sep21 : CVE_2021_38647 FILE date = "2021-09-16" modified = "2023-12-05" reference = "https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_cve_2021_386471_omi.yar#L1-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_cve_2021_386471_omi.yar#L1-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99fddcf763f41a08a8ef8240d544ef67b840a1b5ae709bd7efbcbcad8268e8a5" score = 50 quality = 85 @@ -319447,8 +320035,8 @@ rule SIGNATURE_BASE_Line_Dancer date = "2024-04-24" modified = "2024-04-29" reference = "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cisco_asa_line_dancer_apr24.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cisco_asa_line_dancer_apr24.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "179e58274a792bc4a16787d251f5ad25de1271084323e62e153fa6d461e3c07e" score = 75 quality = 85 
@@ -319471,8 +320059,8 @@ rule SIGNATURE_BASE_APT_UNC4841_ESG_Barracuda_CVE_2023_2868_Forensic_Artifacts_J date = "2023-06-15" modified = "2023-06-16" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L2-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L2-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa7cac1e0f6cb6fa3ac271c1fff0039ff182b6859920b4eca25541457654acde" score = 75 quality = 85 @@ -319504,8 +320092,8 @@ rule SIGNATURE_BASE_APT_MAL_UNC4841_SEASPY_Jun23_1 : CVE_2023_2868 FILE date = "2023-06-16" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/alchimist-offensive-framework/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L30-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L30-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c1dcb841fb872f0d5e661bfd90fca3075f5efc95b1f9dfff72fa318ed131e9d1" score = 85 quality = 85 
@@ -319535,8 +320123,8 @@ rule SIGNATURE_BASE_APT_MAL_UNC4841_SEASPY_LUA_Jun23_1 : FILE date = "2023-06-16" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/alchimist-offensive-framework/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L57-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L57-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f78823a4ba9e025ba4833a2d5234c7baba33c1167c0247f13b8b2baa430aa4e5" score = 90 quality = 85 @@ -319561,8 +320149,8 @@ rule SIGNATURE_BASE_APT_HKTL_Proxy_Tool_Jun23_1 : FILE date = "2023-06-16" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L76-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L76-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e2152e1aa74e1842519e2eecd2acd3ef8eb8d517f3c0ef9f05c983616f223c3" score = 75 quality = 85 
@@ -319587,8 +320175,8 @@ rule SIGNATURE_BASE_SUSP_Fscan_Port_Scanner_Output_Jun23 : SCRIPT FILE date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L103-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L103-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49b5055c96d7b7446ee5ae8667a5aa3645f0f98d8b5f2bffcd6ef3b20bc64e05" score = 70 quality = 85 @@ -319611,8 +320199,8 @@ rule SIGNATURE_BASE_SUSP_PY_Shell_Spawn_Jun23_1 : SCRIPT date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L119-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L119-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "63e94447930d5a00399de753076facbfb2bf18dd8c815f01aaefd14678aea034" score = 70 quality = 85 
@@ -319633,8 +320221,8 @@ rule SIGNATURE_BASE_APT_MAL_Hunting_LUA_SEASIDE_1 : FILE date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L136-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L136-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cd2813f0260d63ad5adf0446253c2172" logic_hash = "82b61325a78bf8ab09d426cfadceb614a256dfcafb2e1f75595de63593ed2574" score = 70 @@ -319659,8 +320247,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Hunting_Linux_WHIRLPOOL_1 : FILE date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L154-L173" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L154-L173" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "177add288b289d43236d2dba33e65956" logic_hash = "d03c0e292b9b97bbf76585fc74208e4263d753807b8e4a445be80d41264d5432" score = 70 
@@ -319688,8 +320276,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_SKIPJACK_1 date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L175-L193" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L175-L193" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e4e86c273a2b67a605f5d4686783e0cc" logic_hash = "8890cd9ab8190f12997e0653e43c89816df03c7bd41842e5ad21b1986819843e" score = 70 @@ -319716,8 +320304,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_Lua_SKIPJACK_2 date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L195-L212" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L195-L212" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "87847445f9524671022d70f2a812728f" logic_hash = "093e8857c410bd30a076f87ef63d7e1e66f50e3dce75b4add67161782386ee24" score = 70 
@@ -319743,8 +320331,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_Lua_SEASPRAY_1 date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_barracuda_esg_unc4841_jun23.yar#L213-L228" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_barracuda_esg_unc4841_jun23.yar#L213-L228" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "35cf6faf442d325961935f660e2ab5a0" logic_hash = "856bfb47557b60f69aa1141477d6ce446ea13ebbe899022d7996ceef08bdefbb" score = 70 @@ -319768,8 +320356,8 @@ rule SIGNATURE_BASE_SUSP_WER_Critical_Heapcorruption : FILE date = "2019-10-18" modified = "2023-12-05" reference = "https://twitter.com/cyb3rops/status/1185459425710092288" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_wer_files.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_wer_files.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "efa84e375f31ca37b9dd9c7a74251929ac957b9bd530e92f74b8836f56048fea" score = 45 quality = 85 
@@ -319792,8 +320380,8 @@ rule SIGNATURE_BASE_SUSP_WER_Suspicious_Crash_Directory : FILE date = "2019-10-18" modified = "2023-12-05" reference = "https://twitter.com/cyb3rops/status/1185585050059976705" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_wer_files.yar#L20-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_wer_files.yar#L20-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a197feeafca38ffe33428fa807e2b80e3071ab8960926fc2f328748bda299910" score = 45 quality = 60 @@ -319824,8 +320412,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_1 : FILE date = "2018-02-22" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L13-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L13-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "22d799531986c30da19943f1dda305e61a305083478549e93c0ecddeade77b39" score = 75 quality = 85 
@@ -319850,8 +320438,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_2 : FILE date = "2018-02-22" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L32-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L32-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f1f93d3bc1c4bd55fc7558716a0a1eb7a6c4c2381a4532d37f4e3559f7c809ea" score = 75 quality = 85 @@ -319879,8 +320467,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_3 : FILE date = "2018-02-22" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L54-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L54-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f59c130b500625466da0c8b5bfd84051ee59a3b6261ee3d990d4c355b10672b" score = 75 quality = 85 
@@ -319908,8 +320496,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_4 : FILE date = "2018-02-22" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L79-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L79-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4765b912258491f38c03513204d9af8bc62c37df2fe583e371cbbeff6fc12298" score = 75 quality = 85 @@ -319930,8 +320518,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_5 : FILE date = "2018-02-22" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L92-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L92-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b0366194410f36c47dd41f6a36c45edbce75e3ddad19520b17bed59513e1dbc" score = 75 quality = 85 
@@ -319951,8 +320539,8 @@ rule SIGNATURE_BASE_Turlamosquito_Mal_6 : FILE date = "2018-02-22" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L105-L127" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L105-L127" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ca6ae4313ad8f009b17188aa7184ff01a4b7e35926f3f68dc3aea12bffb9bb1" score = 75 quality = 85 @@ -319981,8 +320569,8 @@ rule SIGNATURE_BASE_APT_Turlamosquito_MAL_Oct22_1 : FILE date = "2022-10-25" modified = "2023-12-05" reference = "https://www.welivesecurity.com/wp-content/uploads/2018/01/ESET_Turla_Mosquito.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_turla_mosquito.yar#L129-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_turla_mosquito.yar#L129-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fbaca774d6398aac7c171a5d87aa456a1921c1b80449d06f392b088db33ee845" score = 80 quality = 85 
@@ -320012,8 +320600,8 @@ rule SIGNATURE_BASE_Dridex_Trojan_XML date = "2015-03-08" modified = "2023-12-05" reference = "https://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_dridex_xml.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_dridex_xml.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "25b6340d782ee20723b2f17f3434a0b27b1561ab22d5a8f859e97e0ac126f651" score = 75 quality = 85 @@ -320044,8 +320632,8 @@ rule SIGNATURE_BASE_Gen_Python_Encoded_Adware : FILE date = "2018-03-07" modified = "2023-01-06" reference = "https://twitter.com/JohnLaTwC/status/949048002466914304" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_python_encoded_adware.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_python_encoded_adware.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5d7239be779367e69d2e63ffd9dc6e2a1f79c4e5c6c725e8c5e59a44c0ab2fff" logic_hash = "256b289cfe83384c02aacf9c7e790898ba34988c9be149b39e63791c319bfc4a" score = 75 
@@ -320069,8 +320657,8 @@ rule SIGNATURE_BASE_MAL_Prolock_Malware : FILE date = "2020-05-17" modified = "2023-12-05" reference = "https://raw.githubusercontent.com/fboldewin/YARA-rules/master/Prolock.Malware.yar" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_prolock.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_prolock.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "da8a0ec683475019daddd4acdd00d4c36eedacad3deef2be4220b86cbf5f9df0" score = 75 quality = 85 @@ -320097,8 +320685,8 @@ rule SIGNATURE_BASE_SUSP_PS1_JAB_Pattern_Jun22_1 : FILE date = "2022-06-10" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_ps_jab.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_ps_jab.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ad61dca5c945ed87642668e3b834b12c813af244437903a5abb5c69459b9456" score = 70 quality = 85 
@@ -320122,8 +320710,8 @@ rule SIGNATURE_BASE_APT_Artradownloader2_Aug19_1 : FILE date = "2019-08-27" modified = "2023-12-05" reference = "https://unit42.paloaltonetworks.com/multiple-artradownloader-variants-used-by-bitter-to-target-pakistan/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_patchwork.yar#L2-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_patchwork.yar#L2-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c365c3d678c881eeb626b5d26e6164b473990387619337459ccdd8d9f0633b49" score = 75 quality = 85 @@ -320161,8 +320749,8 @@ rule SIGNATURE_BASE_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 : CVE_2024_47177 FILE date = "2024-09-27" modified = "2024-12-12" reference = "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cups_sep24.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cups_sep24.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "633314dea5e3cbdf3cef6e4f18c2efca261dfc600bb9c11d0834fdae102ac9e6" score = 75 quality = 85 
@@ -320184,8 +320772,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 : CVE_2024_47177 date = "2024-09-27" modified = "2024-12-12" reference = "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_cups_sep24.yar#L17-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_cups_sep24.yar#L17-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2158ca8a08cb7552e2a437de025e3aad63ddc5417245e6ede7283d3bd0fc159b" score = 65 quality = 85 @@ -320215,8 +320803,8 @@ rule SIGNATURE_BASE_Hawkeye_Keylogger_Feb18_1 : FILE date = "2018-02-12" modified = "2023-01-06" reference = "https://app.any.run/tasks/ae2521dd-61aa-4bc7-b0d8-8c85ddcbfcc9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_hawkeye.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_hawkeye.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "39037ccb90b747c098fbf5a504aee4a6a716901ff5841ae328ea40d06cc3fcfd" score = 90 quality = 85 
@@ -320240,8 +320828,8 @@ rule SIGNATURE_BASE_MAL_Hawkeye_Keylogger_Gen_Dec18 date = "2018-12-10" modified = "2023-12-05" reference = "https://twitter.com/James_inthe_box/status/1072116224652324870" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_hawkeye.yar#L20-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_hawkeye.yar#L20-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b850f02849030d9912b7571e33e969427ac8f721d2f288ae3ac3e971c4ee4263" score = 75 quality = 85 @@ -320266,8 +320854,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_POC_Vmware_Workspace_ONE_CVE_2022_22954_Apr22_1 : modified = "2025-03-29" old_rule_name = "EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22" reference = "https://twitter.com/rwincey/status/1512241638994853891/photo/1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L2-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L2-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "20c1d55e29b777cca3cb8e92fbe45e23e6bbf972167dee8b0a012d9ff12f3841" score = 60 quality = 85 
@@ -320303,8 +320891,8 @@ rule SIGNATURE_BASE_LOG_SUSP_EXPL_POC_Vmware_Workspace_ONE_CVE_2022_22954_Apr22_ modified = "2025-03-29" old_rule_name = "EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22" reference = "https://twitter.com/rwincey/status/1512241638994853891/photo/1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L36-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L36-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c383f197da1e043e632c4d4de03fa7ff42e3fb6fa7824f326874446bcd13588" score = 60 quality = 85 @@ -320328,8 +320916,8 @@ rule SIGNATURE_BASE_PUA_Anydesk_Compromised_Certificate_Revoked_Jan24 : FILE date = "2024-02-05" modified = "2024-04-24" reference = "https://anydesk.com/en/public-statement" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_anydesk_compromised_cert_feb23.yar#L3-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_anydesk_compromised_cert_feb23.yar#L3-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a1f148dbf15579bd6a65e7c93fa64f00ea481d6b314a444fa924a4604adb9a6d" score = 50 quality = 85 
@@ -320348,8 +320936,8 @@ rule SIGNATURE_BASE_SUSP_Anydesk_Compromised_Certificate_Jan24_1 : FILE date = "2024-02-02" modified = "2024-04-24" reference = "https://anydesk.com/en/public-statement" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_anydesk_compromised_cert_feb23.yar#L19-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_anydesk_compromised_cert_feb23.yar#L19-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1b2268b1efa09ee8578f4c1ae07617ac6bebeacd3ed50598a2fc2ec4d709baa7" score = 75 quality = 85 @@ -320370,8 +320958,8 @@ rule SIGNATURE_BASE_SUSP_Anydesk_Compromised_Certificate_Jan24_2 : FILE date = "2024-02-02" modified = "2024-04-24" reference = "https://anydesk.com/en/public-statement" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_anydesk_compromised_cert_feb23.yar#L38-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_anydesk_compromised_cert_feb23.yar#L38-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "86f708233d5a6a46d367430dcc65b128e8dc7ec24eda774ff3860101cc16c9fc" score = 65 quality = 85 
@@ -320395,8 +320983,8 @@ rule SIGNATURE_BASE_SUSP_Anydesk_Compromised_Certificate_Jan24_3 : FILE date = "2024-02-02" modified = "2024-04-24" reference = "https://anydesk.com/en/public-statement" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_anydesk_compromised_cert_feb23.yar#L58-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_anydesk_compromised_cert_feb23.yar#L58-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fdd1068abfba52c9a40fd2b6628a5c67775eb31815e6d53bfc4655080d9b240e" score = 75 quality = 85 @@ -320415,8 +321003,8 @@ rule SIGNATURE_BASE_APT_Tick_Sysmon_Loader_Jun18 : FILE date = "2018-06-23" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_tick_weaponized_usb.yar#L13-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_tick_weaponized_usb.yar#L13-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e6256269409322a4f48bfdaafc52f5ec83602cf66f2e3b8d83ed5175e1dc506f" score = 75 quality = 85 
@@ -320447,8 +321035,8 @@ rule SIGNATURE_BASE_APT_Tick_Homamdownloader_Jun18 : FILE date = "2018-06-23" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_tick_weaponized_usb.yar#L40-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_tick_weaponized_usb.yar#L40-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b4c798aa0c71f44f271e710d791c97adcbf9bd28ec87dd1d8d589029e58d1cfb" score = 75 quality = 85 @@ -320476,8 +321064,8 @@ rule SIGNATURE_BASE_Rocketkitten_Keylogger : FILE date = "2015-09-01" modified = "2023-12-05" reference = "https://goo.gl/SjQhlp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rocketkitten_keylogger.yar#L8-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rocketkitten_keylogger.yar#L8-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c8523a50075c6ee9675d37d870da55d9e6193bbc770f6b916e700ab9aad438cc" score = 75 quality = 85 
@@ -320510,8 +321098,8 @@ rule SIGNATURE_BASE_SUSP_Unsigned_Googleupdate : FILE date = "2019-08-05" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_google_anomaly.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_google_anomaly.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e333ac773927e2ed1f6aa4d6bbcb63d67bcc8d18d732a84bb68cb503469b247" score = 60 quality = 85 @@ -320537,8 +321125,8 @@ rule SIGNATURE_BASE_EXP_Drivecrypt_1 : FILE date = "2018-08-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_drivecrypt.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_drivecrypt.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1959f2e4838e40f2abc26ee16b03089088c96cafb101125bdc346f69fe76d7a4" score = 75 quality = 85 
@@ -320563,8 +321151,8 @@ rule SIGNATURE_BASE_EXP_Drivecrypt_X64Passldr : FILE date = "2018-08-21" modified = "2023-01-06" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_drivecrypt.yar#L19-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_drivecrypt.yar#L19-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "573cd96f7f82788a3884cd4b4d91c739a890835c3ed1b3933af48ba5756cc5a6" score = 75 quality = 85 @@ -320592,8 +321180,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_Naikon_APT_Sample1 : FILE date = "2015-05-14" modified = "2023-01-06" reference = "https://goo.gl/7vHyvh" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_naikon.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_naikon.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d5716c80cba8554eb79eecfb4aa3d99faf0435a1833ec5ef51f528146c758eba" hash = "f5ab8e49c0778fa208baad660fe4fa40fc8a114f5f71614afbd6dcc09625cb96" logic_hash = "e582fc3518dab2392a79909b5369c48656b6f280b915fad4befb0839ec7ce1bd" 
@@ -320632,8 +321220,8 @@ rule SIGNATURE_BASE_MAL_DOC_Zloader_Oct20_1 : FILE date = "2020-10-10" modified = "2023-12-05" reference = "https://twitter.com/JohnLaTwC/status/1314602421977452544" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_zloader_maldocs.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_zloader_maldocs.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f546a860361d3caff99c282465dbbd1880460c7491a1b5ad065c1b5d91e5d49" score = 75 quality = 85 @@ -320661,8 +321249,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Sleepmask_Jul22 date = "2022-07-04" modified = "2023-12-05" reference = "https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cobaltstrike.yar#L3-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cobaltstrike.yar#L3-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "233b3cb441f45f400c0261589aac31dd1fcd9c4e3a86a6aaa46c60849063b34b" score = 80 quality = 85 
@@ -320683,8 +321271,8 @@ rule SIGNATURE_BASE_Winnti_Signing_Cert : FILE date = "2015-10-10" modified = "2025-08-11" reference = "https://securelist.com/analysis/publications/72275/i-am-hdroot-part-1/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L9-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L9-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6fd5f2808e7d683b9c4b7f5d4ccfd0eb87037eb2e70700b2c083db8c6ddf4a26" score = 75 quality = 85 @@ -320710,8 +321298,8 @@ rule SIGNATURE_BASE_Winnti_Malware_Nsiproxy : FILE date = "2015-10-10" modified = "2025-08-11" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L28-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L28-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "742b091cc630ecea995be8d022eabadef1725dbd952f66a9ca62ecdee6985733" score = 75 quality = 85 
@@ -320745,8 +321333,8 @@ rule SIGNATURE_BASE_Winnti_Malware_Updatedll : FILE date = "2015-10-10" modified = "2025-08-11" reference = "VTI research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L56-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L56-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4b483e77106cc0e2f8ed2398de8b34b8246472875ad3e0612fa06cac96b7e6aa" score = 75 quality = 85 @@ -320784,8 +321372,8 @@ rule SIGNATURE_BASE_Winnti_Malware_FWPK : FILE date = "2015-10-10" modified = "2023-01-06" reference = "VTI research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L90-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L90-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6e87b06f6bf11dceb04c8eb4910f5d98ec3fe430fa984eeed8b73e99b28c5abe" score = 75 quality = 85 
@@ -320820,8 +321408,8 @@ rule SIGNATURE_BASE_Winnti_Malware_Streamportal_Gen : FILE date = "2015-10-10" modified = "2025-08-11" reference = "VTI research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L119-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L119-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "249f51b263fbcab650983d75482fd4787934731e415fcbd0e6f6925032aac690" score = 75 quality = 85 @@ -320853,8 +321441,8 @@ rule SIGNATURE_BASE_WINNTI_Kingsoft_Moz_Confustion : FILE date = "2018-04-13" modified = "2025-08-11" reference = "https://www.virustotal.com/en/file/070ee4a40852b26ec0cfd79e32176287a6b9d2b15e377281d8414550a83f6496/analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L143-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L143-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ebd8465f484e1142ac741263282ea1c6f98e6bd0637ebdcec6ecc6233193407e" score = 75 quality = 85 
@@ -320873,8 +321461,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_1 : FILE date = "2019-12-06" modified = "2025-06-03" reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L160-L181" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L160-L181" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ffeb40b096e5112adbb9c07b27b954424d6ef11a0a9bd736b43df9aa1e9af3e" score = 75 quality = 85 @@ -320900,8 +321488,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_2 date = "2019-12-06" modified = "2025-08-11" reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L183-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L183-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "216557999b7100f26556f9f7088b16ba125ac39b308cb77c997d620ce9591d24" score = 75 quality = 85 
@@ -320933,8 +321521,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_3 date = "2019-12-06" modified = "2025-08-11" reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L208-L224" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L208-L224" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "601f8a3cba57fea46c16c36f8276631fcd22feef4ea1388a1ea35b00929b9fbb" score = 75 quality = 85 @@ -320959,8 +321547,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_4 date = "2019-12-06" modified = "2025-08-11" reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L226-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L226-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "32909e915a6e602ad1e8698cf5c128c2e54670770b97f54b1414c5798c42cc00" score = 75 quality = 85 
@@ -320983,8 +321571,8 @@ rule SIGNATURE_BASE_APT_Winnti_MAL_Dec19_5 date = "2019-12-06" modified = "2025-08-11" reference = "https://www.verfassungsschutz.de/download/broschuere-2019-12-bfv-cyber-brief-2019-01.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L242-L269" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L242-L269" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "977d11fbb7cf4678d4da179c43d5566520ee97ac528e269a9b985e5bc75641b7" score = 75 quality = 85 @@ -321020,8 +321608,8 @@ rule SIGNATURE_BASE_APT_CN_Group_Loader_Jan20_1 date = "2020-02-01" modified = "2025-08-11" reference = "https://twitter.com/VK_Intel/status/1223411369367785472?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L271-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L271-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "30a180ada2390ca8df4bf7883624a5a176249622b4c34ce96931fe62b09ea8e3" score = 80 quality = 85 
@@ -321042,8 +321630,8 @@ rule SIGNATURE_BASE_Winnti_Dropper_X64_Libtomcrypt_Fns : TAU CN APT date = "2019-08-26" modified = "2025-08-11" reference = "https://www.carbonblack.com/2019/09/04/cb-tau-threat-intelligence-notification-winnti-malware-4-0/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L285-L332" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L285-L332" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "39d23f2a12a3b78182e52847e2fdb2d09386765138c37eb7f75edfc680505531" score = 75 quality = 83 @@ -321096,8 +321684,8 @@ rule SIGNATURE_BASE_Winnti_Dropper_X86_Libtomcrypt_Fns : TAU CN APT date = "2019-08-26" modified = "2025-08-11" reference = "https://www.carbonblack.com/2019/09/04/cb-tau-threat-intelligence-notification-winnti-malware-4-0/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti.yar#L334-L375" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti.yar#L334-L375" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "84bfe001758677ff3a0d60d98e29c33ad1525a0afb27b73df750b2131e298879" score = 75 quality = 85 
@@ -321144,8 +321732,8 @@ rule SIGNATURE_BASE_Reveal_Memorycredentials : FILE date = "2015-08-31" modified = "2023-12-05" reference = "https://github.com/giMini/RWMC/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rwmc_powershell_creddump.yar#L8-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rwmc_powershell_creddump.yar#L8-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "893c26818c424d0ff549c1fbfa11429f36eecd16ee69330c442c59a82ce6adea" logic_hash = "d740462aacd3b30d0258d018344642683fefd43ef033dd7f5bdde2bdddce4115" score = 75 @@ -321171,8 +321759,8 @@ rule SIGNATURE_BASE_Minidumptest_Msdsc : FILE date = "2015-08-31" modified = "2023-12-05" reference = "https://github.com/giMini/RWMC/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_rwmc_powershell_creddump.yar#L26-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_rwmc_powershell_creddump.yar#L26-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "477034933918c433f521ba63d2df6a27cc40a5833a78497c11fb0994d2fd46ba" logic_hash = "ae8a28df245a8f7a2d62639789c31556b012322fcac09784595fd6f95d6bf195" score = 50 
@@ -321198,8 +321786,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tools_Back : FILE date = "2017-07-23" modified = "2022-12-21" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3a23491cbb24177c027695d8f677c4a72ed0404c4c38356eec4b92f2d06be2ee" score = 75 quality = 85 @@ -321224,8 +321812,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tools_Clrlg : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L31-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L31-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "003f711ac6f2308f2bdc638da7c654686e7402db7b3837120168e5a99b774537" score = 75 quality = 85 
@@ -321249,8 +321837,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Powershell date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L47-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L47-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "57d28f7b79cc14b8bbc2d7c9b2c16ab0f94a4b160cf7cb1d4641fe1c77e06811" score = 75 quality = 85 @@ -321273,8 +321861,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Vminst : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L62-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L62-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4559c2f4de60537827d167453751a92c0030ae6ce095a2d64df777e93d4b87a" score = 75 quality = 85 
@@ -321307,8 +321895,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Windows_UM_Task date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L90-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L90-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cfc2d231b6be798172e5d7ffc525842c7eed6d78a145c401136452c46f21e3b2" score = 75 quality = 85 @@ -321334,8 +321922,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Windowstask date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L109-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L109-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2bbcb02f34b2da3d88772d211cc7bfb669384161eec94336cdc2474144b16ae" score = 75 quality = 85 
@@ -321364,8 +321952,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tdtess : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L130-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L130-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ffd10e06b3a8f3054747443b863070e8726589fc795f816832dbf73c0c34e080" score = 75 quality = 85 @@ -321391,8 +321979,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Silverlightmsi : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L149-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L149-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "716db8f8e7d71c7f3deaeb9ac8e141c9bf374e5dae992e8e2623070c81089953" score = 75 quality = 85 
@@ -321419,8 +322007,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Matryoshka_Injector : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L167-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L167-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e02d26882c85b77bd97629fce20bd027e1f5f7e28ae0c43c9ea7a4b1e5d02cd1" score = 75 quality = 85 @@ -321445,8 +322033,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Zpp : FILE date = "2017-07-23" modified = "2022-12-21" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L191-L215" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L191-L215" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "32c91f8a02443a6f024acb3f941b7f11472e7f1517c54a3c7edc89ce88ba73e0" score = 75 quality = 85 
@@ -321478,8 +322066,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Netsrv_Netsrvs : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L217-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L217-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1506d1eddd43731c00e5f01a292589b07de5055bbdd7b1f7c2d7ac7a09b8ae58" score = 75 quality = 85 @@ -321514,8 +322102,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Reflectiveloader : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L244-L268" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L244-L268" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9488d2e97d0ea031a138e72964a3b56781f9d05c1676ff0b360407db944e26de" score = 75 quality = 85 
@@ -321547,8 +322135,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Matryoshka_RAT : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wilted_tulip.yar#L270-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wilted_tulip.yar#L270-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9e878d9e3dc3f2050e52a046038f4f855b5b777948d928e0bc6d7a98fc0a7119" score = 75 quality = 85 @@ -321577,8 +322165,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_Downloader_1 : FILE date = "2018-08-24" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_applejeus.yar#L13-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_applejeus.yar#L13-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f6bdaa8aa76da3e679094ae9759a67b5db33d0445f7204ff13e400fa6db60386" score = 75 quality = 85 
@@ -321610,8 +322198,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_1 : FILE date = "2018-08-24" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_applejeus.yar#L39-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_applejeus.yar#L39-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "efd43e2d84ba964e7fc7e6c03eaba3dd5181c9cbe51b4a06a7a723dca95fab17" score = 75 quality = 85 @@ -321639,8 +322227,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_2 : FILE date = "2018-08-24" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_applejeus.yar#L62-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_applejeus.yar#L62-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "75d52ad829383392d9eb20a8308278d073d16f7624e60010356534bdc6acc81f" score = 75 quality = 85 
@@ -321668,8 +322256,8 @@ rule SIGNATURE_BASE_APT_Fallchill_RC4_Keys : FILE date = "2018-08-21" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_applejeus.yar#L84-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_applejeus.yar#L84-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "59861618dba256996d7bbcd94a6efccdb64589fc75086bfe7d980fa51761ef97" score = 75 quality = 85 @@ -321694,8 +322282,8 @@ rule SIGNATURE_BASE_Bytes_Used_In_AES_Key_Generation : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L9-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L9-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "221f5ea0a0224a96588912e7ddfbafd20b0b10c119395ca14d1138c284d7b79e" score = 75 
@@ -321717,8 +322305,8 @@ rule SIGNATURE_BASE_Partial_Implant_ID : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L24-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L24-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "d0a29bed3c19007cb08427769918b0a02d5d247211a1ceaff31aed5839c78966" score = 75 @@ -321740,8 +322328,8 @@ rule SIGNATURE_BASE_Sleep_Timer_Choice : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L39-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L39-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "5d2b656aabb113c50805d4af0faa62f579547dd4ec328ff2778fab64d778b8b9" score = 75 
@@ -321763,8 +322351,8 @@ rule SIGNATURE_BASE_User_Function_String date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L54-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L54-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "04821d1d5c12b5a9aca3c5b4be9f7a7d35320ad1503ccbdadebc7710c613a976" score = 75 @@ -321790,8 +322378,8 @@ rule SIGNATURE_BASE_Generic_Shellcode_Downloader_Specific : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L73-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L73-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b8bc0611a7fd321d2483a0a9a505251e15c22402e0cfdc62c0258af53ed3658a" logic_hash = "9315ad03b5a28030c32fea5547db3ae421a1ebdae0b96a8a4c2f92660c41bc40" score = 75 
@@ -321817,8 +322405,8 @@ rule SIGNATURE_BASE_Batch_Script_To_Run_Psexec date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L91-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L91-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b7d7c4bc8f9fd0e461425747122a431f93062358ed36ce281147998575ee1a18" logic_hash = "9bdaa14aa535c178914f83c12b23484162f085c6fc6041d379268546ee99f462" score = 75 @@ -321844,8 +322432,8 @@ rule SIGNATURE_BASE_Batch_Powershell_Invoke_Inveigh date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L109-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L109-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0a6b1b29496d4514f6485e78680ec4cd0296ef4d21862d8bf363900a4f8e3fd2" logic_hash = "5048a180df301707622e9ad0b949da9e39d2f55f16fc43e7344a8181596a836c" score = 75 
@@ -321870,8 +322458,8 @@ rule SIGNATURE_BASE_Lnk_Detect : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L126-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L126-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ae8796877d70f8ddd56bac8ed474231f26d9bc8e73625e65d5d927ab804996b3" score = 75 quality = 85 @@ -321902,8 +322490,8 @@ rule SIGNATURE_BASE_RDP_Brute_Strings date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L151-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L151-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8234bf8a1b53efd2a452780a69666d1aedcec9eb1bb714769283ccc2c2bdcc65" logic_hash = "80c51d82a57271409d298b5175505c4234a6c3ec8a8763c93b669d1f0a8d59ba" score = 75 
@@ -321937,8 +322525,8 @@ rule SIGNATURE_BASE_WEBSHELL_Z_Webshell_1 modified = "2023-12-05" old_rule_name = "Z_WebShell" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ncsc_report_04_2018.yar#L176-L192" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ncsc_report_04_2018.yar#L176-L192" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ace12552f3a980f1eed4cadb02afe1bfb851cafc8e58fb130e1329719a07dbf0" logic_hash = "1dfc546a7493c1443527ebe74ed8cd2b06ee032b9a3f736b830e16288e616d43" score = 75 @@ -321963,8 +322551,8 @@ rule SIGNATURE_BASE_APT_MAL_Winntilinux_Dropper_Azazelfork_May19 : AZAZEL_FORK F date = "2019-05-15" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_linux.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_linux.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4741c2884d1ca3a40dadd3f3f61cb95a59b11f99a0f980dbadc663b85eb77a2a" logic_hash = "0af32675dccfd0ad0c7919683fddced6ad49c65800ffa523773b7342b431379f" score = 75 
@@ -321990,8 +322578,8 @@ rule SIGNATURE_BASE_APT_MAL_Winntilinux_Main_Azazelfork_May19 : FILE date = "2019-05-15" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_linux.yar#L18-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_linux.yar#L18-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ae9d6848f33644795a0cc3928a76ea194b99da3c10f802db22034d9f695a0c23" logic_hash = "3ff38795179f6c32f2ff014b06ac126ae3a0de3fe7515f0e49f12f9c8ff14b43" score = 75 @@ -322023,8 +322611,8 @@ rule SIGNATURE_BASE_Duqu2_Sample1 : FILE date = "2016-07-02" modified = "2023-12-05" reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_duqu2.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_duqu2.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf6b60bcae2b41487ede11581c82b32e6bc912445008b1655e4f75be65cf6596" score = 80 quality = 85 
@@ -322051,8 +322639,8 @@ rule SIGNATURE_BASE_Duqu2_Sample2 : FILE date = "2016-07-02" modified = "2023-12-05" reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_duqu2.yar#L30-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_duqu2.yar#L30-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6afd87d472929f56272eb6f28970f2c8be5eb08e6126287391aee1269de1100d" score = 80 quality = 85 @@ -322081,8 +322669,8 @@ rule SIGNATURE_BASE_Duqu2_Sample3 : FILE date = "2016-07-02" modified = "2023-12-05" reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_duqu2.yar#L52-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_duqu2.yar#L52-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4adaf71a4acd8ce122af0b6f1267dc34c5190efcb4a6fa3322c1e6cf67a546a5" score = 80 quality = 85 
@@ -322105,8 +322693,8 @@ rule SIGNATURE_BASE_Duqu2_Sample4 : FILE date = "2016-07-02" modified = "2023-12-05" reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_duqu2.yar#L68-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_duqu2.yar#L68-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ddecd1d7fa007b83fe6e29ac8983d02511a89a16ab2365f8086ec92a52d4bf33" score = 80 quality = 85 @@ -322132,8 +322720,8 @@ rule SIGNATURE_BASE_Duqu2_Uas : FILE date = "2016-07-02" modified = "2023-12-05" reference = "https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_duqu2.yar#L86-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_duqu2.yar#L86-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8bf27ca851c580080514dfa886c0d7c69ac114efb5dbc35ccd1e7686c3dd44b1" score = 80 quality = 85 
@@ -322160,8 +322748,8 @@ rule SIGNATURE_BASE_Ironpanda_Dnstunclient : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L10-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L10-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a08db49e198068709b7e52f16d00a10d72b4d26562c0d82b4544f8b0fb259431" logic_hash = "07c142f6eb11ecc8ed5f55d6b0cc7110c6268e189f3ce29215f75b7aba91a290" score = 80 @@ -322194,8 +322782,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware1 : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L38-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L38-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a0cee5822ddf254c254a5a0b7372c9d2b46b088a254a1208cb32f5fe7eca848a" logic_hash = "4b50a2c7f0f94b678fc560eefb217c067e934f8e7d64bc0f0d16afcccccd0d08" score = 75 
@@ -322222,8 +322810,8 @@ rule SIGNATURE_BASE_Ironpanda_Webshell_JSP : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L57-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L57-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3be95477e1d9f3877b4355cff3fbcdd3589bb7f6349fd4ba6451e1e9d32b7fa6" logic_hash = "747ce812b156bf03f8d14ef84e7d2e8535c7c70590dfcb50ce3e957bec745efc" score = 75 @@ -322248,8 +322836,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware_Htran : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L74-L102" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L74-L102" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7903f94730a8508e9b272b3b56899b49736740cea5037ea7dbb4e690bcaf00e7" logic_hash = "e7312a2d0ffc247eda20cb5453538a501bde6683bf34e7f4bf2230243474ba76" score = 75 
@@ -322285,8 +322873,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware2 : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L104-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L104-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a89c21dd608c51c4bf0323d640f816e464578510389f9edcf04cd34090decc91" logic_hash = "060c681e7127349464cd98f99cef6e184fbd18d2ec415dc6c95d8ac329e6fe7e" score = 75 @@ -322313,8 +322901,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware3 : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L123-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L123-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5cd2af844e718570ae7ba9773a9075738c0b3b75c65909437c43201ce596a742" logic_hash = "ca55fc5aa655fb221808b4c82db520cae24e0d93422293b6ed5e573b343e93ac" score = 75 
@@ -322342,8 +322930,8 @@ rule SIGNATURE_BASE_Ironpanda_Malware4 : FILE date = "2015-09-16" modified = "2023-12-05" reference = "https://goo.gl/E4qia9" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger.yar#L143-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger.yar#L143-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0d6da946026154416f49df2283252d01ecfb0c41c27ef3bc79029483adc2240c" logic_hash = "12661c8862eeb82d55a3912e0a499beb6bb19f7abe9ccfe6fa0506e6a032cfe4" score = 75 @@ -322369,8 +322957,8 @@ rule SIGNATURE_BASE_Bitpaymer_1 date = "2023-12-05" modified = "2023-12-05" reference = "http://blog.morphisec.com/bitpaymer-ransomware-with-new-custom-packer-framework" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_crime_bitpaymer.yar#L1-L12" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_crime_bitpaymer.yar#L1-L12" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c236794c04f0805d4611cfaf43369eeb4d0e65d6c697e6c5e6afd321fbca629" score = 75 quality = 85 
@@ -322392,8 +322980,8 @@ rule SIGNATURE_BASE_EXPL_Keepass_CVE_2023_24055_Jan23 : CVE_2023_24055 FILE date = "2023-01-25" modified = "2023-12-05" reference = "https://github.com/alt3kx/CVE-2023-24055_PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_keepass_cve_2023_24055.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_keepass_cve_2023_24055.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3ca00f317838819bb7fb80c9d00d94db498e1d3ef146b9af2664dae09302a86d" score = 75 quality = 81 @@ -322419,8 +323007,8 @@ rule SIGNATURE_BASE_SUSP_Keepass_CVE_2023_24055_Jan23 : CVE_2023_24055 FILE date = "2023-01-25" modified = "2023-12-05" reference = "https://github.com/alt3kx/CVE-2023-24055_PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_keepass_cve_2023_24055.yar#L22-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_keepass_cve_2023_24055.yar#L22-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4ed3eee86baf3dddfe423795491a5a94c02df3f4a7525efa6f2436e19197e55b" score = 60 quality = 85 
@@ -322443,8 +323031,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_SH_Esxi_Attacks_Feb23_1 : FILE date = "2023-02-04" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ransom_esxi_attacks_feb23.yar#L6-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ransom_esxi_attacks_feb23.yar#L6-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1143ee36603f604874432ee280314a9f62ffe64e58ec5cd4eb114b7b175b365a" score = 85 quality = 60 @@ -322470,8 +323058,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_ELF_Esxi_Attacks_Feb23_1 : FILE date = "2023-02-04" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ransom_esxi_attacks_feb23.yar#L30-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ransom_esxi_attacks_feb23.yar#L30-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27ff018574323c10821993c30cf74de15121caa92a308fbcae4eceae954e63b6" score = 85 quality = 85 
@@ -322500,8 +323088,8 @@ rule SIGNATURE_BASE_APT_PY_Esxi_Backdoor_Dec22 : FILE date = "2022-12-14" modified = "2023-12-05" reference = "https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ransom_esxi_attacks_feb23.yar#L58-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ransom_esxi_attacks_feb23.yar#L58-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "86b628f007720aa706c30d91e845d867ed481d1e99bcc9315c84a4e0b7b1b2a6" score = 85 quality = 85 @@ -322523,8 +323111,8 @@ rule SIGNATURE_BASE_APT_SH_Esxi_Backdoor_Dec22 : FILE date = "2022-12-14" modified = "2023-12-05" reference = "https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ransom_esxi_attacks_feb23.yar#L73-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ransom_esxi_attacks_feb23.yar#L73-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "155a90a6c55b99285555634d91a66fca9c7e7297f05314fa4d6ce1d84257ee11" score = 75 quality = 85 
@@ -322547,8 +323135,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_SH_Esxi_Attacks_Feb23_2 : FILE date = "2023-02-06" modified = "2023-12-05" reference = "https://dev.to/xakrume/esxiargs-encryption-malware-launches-massive-attacks-against-vmware-esxi-servers-pfe" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ransom_esxi_attacks_feb23.yar#L89-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ransom_esxi_attacks_feb23.yar#L89-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3f240784873a0239cbf61f7f420fdd72b8992d5943ffc3d4dcad43c836569f4d" score = 85 quality = 85 @@ -322569,8 +323157,8 @@ rule SIGNATURE_BASE_SUSP_Esxiargs_Endpoint_Conf_Aug23 : FILE date = "2023-08-04" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-47" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ransom_esxi_attacks_feb23.yar#L103-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ransom_esxi_attacks_feb23.yar#L103-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "794d460eec0e2f0b48e6ced94b125a1e48acde6be6281866e0b4a2ae6c2d3b51" score = 75 quality = 85 
@@ -322595,8 +323183,8 @@ rule SIGNATURE_BASE_SUSP_Scheduled_Task_Java_JAR_Aug25 : FILE date = "2025-08-07" modified = "2025-08-08" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_soupdealer_java_aug25.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_soupdealer_java_aug25.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7c5999082d9c5f3dd342ca05191311ddd1e24ba7675d1e9763fb4d962be3a933" logic_hash = "fc8e72dbc6133ca27cfd35bb952c32be3a75d0485558915f9ea49fc8fd8c5719" score = 60 @@ -322622,8 +323210,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Loader_Indicators_Aug25 : FILE date = "2025-08-07" modified = "2025-08-08" reference = "https://www.malwation.com/blog/technical-analysis-of-a-stealth-java-loader-used-in-phishing-campaigns-targeting-turkiye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_soupdealer_java_aug25.yar#L25-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_soupdealer_java_aug25.yar#L25-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ac610cd6d3030f49058d5e6f059b746cf3da05ca3cdc8f2be2f5f1cfec2ff665" score = 70 quality = 85 
@@ -322647,8 +323235,8 @@ rule SIGNATURE_BASE_MAL_JAVA_Loader_Final_Jar_Aug25 date = "2025-08-07" modified = "2025-08-08" reference = "https://www.malwation.com/blog/technical-analysis-of-a-stealth-java-loader-used-in-phishing-campaigns-targeting-turkiye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_soupdealer_java_aug25.yar#L45-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_soupdealer_java_aug25.yar#L45-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "743e7e12afd949aacbbfcfc62b13d4e65b7011ca4301b37b71bc8032f96aff20" score = 85 quality = 85 @@ -322673,8 +323261,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Class_Allatori_Obfuscator_Aug25 : FILE date = "2025-08-07" modified = "2025-08-08" reference = "https://www.malwation.com/blog/technical-analysis-of-a-stealth-java-loader-used-in-phishing-campaigns-targeting-turkiye" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_soupdealer_java_aug25.yar#L62-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_soupdealer_java_aug25.yar#L62-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "981ae619526e3f90618884d133d565630320419ad4b9c75737708c864fac8365" score = 50 quality = 85 
@@ -322696,8 +323284,8 @@ rule SIGNATURE_BASE_Deeppanda_Sl_Txt_Packed date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_deeppanda.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_deeppanda.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ffb1d8ea3039d3d5eb7196d27f5450cac0ea4f34" logic_hash = "37f875dcb2c920278c2625085c97a9dcce1907198409595a10e6a3fbce767f35" score = 75 @@ -322727,8 +323315,8 @@ rule SIGNATURE_BASE_Deeppanda_Lot1 date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_deeppanda.yar#L24-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_deeppanda.yar#L24-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5d201a0fb0f4a96cefc5f73effb61acff9c818e1" logic_hash = "92169a1288f30dc6008e1a8c9b2b700f878c90aa09634e36fea586e19657dbd1" score = 75 
@@ -322764,8 +323352,8 @@ rule SIGNATURE_BASE_Deeppanda_Htran_Exe date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_deeppanda.yar#L51-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_deeppanda.yar#L51-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "38e21f0b87b3052b536408fdf59185f8b3d210b9" logic_hash = "9ac5ddc53d3d5292acb3dcf68e66bc3f6ab4b8e61a71597dd84454adc516f95d" score = 75 @@ -322795,8 +323383,8 @@ rule SIGNATURE_BASE_Deeppanda_Trojan_Kakfum date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_deeppanda.yar#L72-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_deeppanda.yar#L72-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0710edea973dce6f5feccf2e7e508cd5f65aa451e0bb5aca503778ffe2363401" score = 75 quality = 60 
@@ -322825,8 +323413,8 @@ rule SIGNATURE_BASE_MAL_LNX_Redmenshen_Bpfdoor_May23_1 : FILE date = "2023-05-11" modified = "2023-12-05" reference = "https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_implant_may22.yar#L3-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_implant_may22.yar#L3-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c58971a43443800256e791b4f9fe7c3221518b0050e5f2964b6c843ddb4549ac" score = 80 quality = 85 @@ -322856,8 +323444,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_1 : FILE date = "2022-05-05" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_implant_may22.yar#L45-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_implant_may22.yar#L45-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8de10beea4ef2e059b16d38fb015d6f091cc517b6f0c06b6ef6868518349994d" score = 90 quality = 85 
@@ -322895,8 +323483,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_2 : FILE date = "2022-05-07" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_implant_may22.yar#L78-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_implant_may22.yar#L78-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7525c675dbba6eb480f1d28fc6db05bd9907725c291e64ee6dc2453fd42892a0" score = 85 quality = 85 @@ -322925,8 +323513,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_3 : FILE date = "2022-05-08" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_implant_may22.yar#L102-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_implant_may22.yar#L102-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "afec0bfeddf5c5c2abc1a3173f636c385437e5d7c0b68665f6274011113a6a9c" score = 85 quality = 85 
@@ -322951,8 +323539,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_Generic_May22_1 : date = "2022-05-09" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_implant_may22.yar#L121-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_implant_may22.yar#L121-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "57ae5f7dc1d202fe66d6626ef2bf2278b92bec0310449ce049bdaeaec5657c77" score = 90 quality = 85 @@ -322995,8 +323583,8 @@ rule SIGNATURE_BASE_Payload_Exe2Hex date = "2016-01-15" modified = "2023-12-05" reference = "https://github.com/g0tmi1k/exe2hex" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/generic_exe2hex_payload.yar#L8-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/generic_exe2hex_payload.yar#L8-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "91b738f0174a267bbc900d59abcb504d2ae0bac8c287c3b7d1ebfc57374a7ee7" score = 70 quality = 85 
@@ -323025,8 +323613,8 @@ rule SIGNATURE_BASE_MAL_LNX_Linadoor_Rootkit_May22 : FILE date = "2022-05-19" modified = "2023-05-16" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lnx_linadoor_rootkit.yar#L2-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lnx_linadoor_rootkit.yar#L2-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "546c34d4c204c7266884bb3b5b6ada418e83029ab88f72e5ffb094f50d9ed28e" score = 85 quality = 85 @@ -323064,8 +323652,8 @@ rule SIGNATURE_BASE_MAL_OSX_Fancybear_Agent_Jul18_1 : FILE date = "2018-07-15" modified = "2023-12-05" reference = "https://twitter.com/DrunkBinary/status/1018448895054098432" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fancybear_osxagent.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fancybear_osxagent.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "099235424f22f3591a891726ea0c13ebf831fae0456ab1b6baba329c090a9535" score = 75 quality = 85 
@@ -323093,8 +323681,8 @@ rule SIGNATURE_BASE_Gen_Base64_EXE : HIGHVOL FILE date = "2017-04-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/general_cloaking.yar#L71-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/general_cloaking.yar#L71-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6fe18ee727a836c0baaac4dbbffdb9f50065f56a4c6eeee7e54792a8a66229de" score = 75 quality = 85 @@ -323121,8 +323709,8 @@ rule SIGNATURE_BASE_Binary_Drop_Certutil : FILE date = "2015-07-15" modified = "2023-12-05" reference = "https://goo.gl/9DNn8q" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/general_cloaking.yar#L92-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/general_cloaking.yar#L92-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3e2b62442b5da6ab887e1eb03cdd44932651fa51ce11e87e6fc29015e708d2f3" score = 70 quality = 85 
@@ -323146,8 +323734,8 @@ rule SIGNATURE_BASE_Stegokatz : FILE date = "2015-09-11" modified = "2023-12-05" reference = "https://goo.gl/jWPBBY" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/general_cloaking.yar#L109-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/general_cloaking.yar#L109-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "091b07220d2a89822aa382edcecf5869d463e375747cc41f52417e66ccf0e2da" score = 70 quality = 85 @@ -323170,8 +323758,8 @@ rule SIGNATURE_BASE_Obfuscated_VBS_April17 : FILE date = "2017-04-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/general_cloaking.yar#L125-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/general_cloaking.yar#L125-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "590dca22a4fcbc2bbfb4358c53f7cb6c06824970139cca251c4cf1bd435817b0" score = 75 quality = 85 
@@ -323193,8 +323781,8 @@ rule SIGNATURE_BASE_Obfuscated_JS_April17 : FILE date = "2017-04-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/general_cloaking.yar#L139-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/general_cloaking.yar#L139-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c75bf0ad8dd35fabbaedb54c2630249497edbb215b6ce2b707e32f82e8fb8f56" score = 75 quality = 85 @@ -323218,8 +323806,8 @@ rule SIGNATURE_BASE_Tofu_Backdoor date = "2017-02-28" modified = "2023-12-05" reference = "https://www.cylance.com/en_us/blog/the-deception-project-a-new-japanese-centric-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ham_tofu_chches.yar#L11-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ham_tofu_chches.yar#L11-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "67c49456dbe4dc4c8bc54139ce6d493ea5588392d8c64010d029d7a63ac7f976" score = 75 quality = 85 
@@ -323242,8 +323830,8 @@ rule SIGNATURE_BASE_Revengerat_Sep17 : FILE date = "2017-09-04" modified = "2020-07-27" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_revenge_rat.yar#L11-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_revenge_rat.yar#L11-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "467133402d6898f325cfd8c18308fc2a4dafd06c8624f9347225f16afd4035ce" score = 75 quality = 85 @@ -323274,12 +323862,12 @@ rule SIGNATURE_BASE_SUSP_Vulndriver_HP_Hardware_Diagnostics_Etdsupp_May23 : FILE date = "2023-05-12" modified = "2023-12-05" reference = "https://github.com/alfarom256/HPHardwareDiagnostics-PoC/tree/main/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/susp_vulndriver_hp_hardware_diagnostics_etdsupp_may23.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145" logic_hash = "bb50f591e49b1b0b08ccbe4ca5cb3685d8f358e51e6d6f77677bc05701f6b301" score = 65 - quality = 60 + quality = 85 tags = "FILE" strings: 
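Review bot: in the SUSP_Vulndriver_HP_Hardware_Diagnostics_Etdsupp_May23 hunk, quality goes from 60 to 85 while logic_hash, score = 65 and modified = "2023-12-05" all stay the same, so the rating moved without any visible change to the rule itself. Unlike the surrounding hunks, this one is not only a commit-pin bump in source_url and license_url. If anything downstream filters or weights third-party rules on the quality field, this rule may start or stop being selected after the update. Suggest confirming that the new value comes from the upstream YARA Forge release and mentioning the metadata change in the commit message, which currently reads only "Update third-party rules as of 2025-11-05".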
@@ -323299,8 +323887,8 @@ rule SIGNATURE_BASE_TA17_318B_Volgmer : FILE date = "2017-11-15" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-318B" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta17_318B.yar#L9-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta17_318B.yar#L9-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2b3a7e501214767b7d79b33fb560b5611fa3726036a0c98d6f1904a55f306e40" score = 75 quality = 85 @@ -323322,8 +323910,8 @@ rule SIGNATURE_BASE_Volgmer_Malware : FILE date = "2017-11-15" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-318B" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta17_318B.yar#L34-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta17_318B.yar#L34-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "898c2734c56a40aa4d24c1eac2dfb7dd1f98b0bdf7a11ab518eef282becb84b6" score = 75 quality = 85 
@@ -323364,8 +323952,8 @@ rule SIGNATURE_BASE_REGEORG_Tuneller_Generic : FILE date = "2021-12-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/unc3524-eye-spy-email" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/webshell_regeorg.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/webshell_regeorg.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ba22992ce835dadcd06bff4ab7b162f9" logic_hash = "1657928875c3cd2d5bf774929b0497d78f0211b321f8a4138cc9b8c80b9f99d6" score = 75 @@ -323395,8 +323983,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Keywords_May20_1 : CVE_2019_10149 FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9f9a81ff0c576f05ac063eaca7a5882dbdb09c9a0778610cca2864636a00efce" score = 75 quality = 85 
@@ -323418,8 +324006,8 @@ rule SIGNATURE_BASE_APT_Sandworm_SSH_Key_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L17-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L17-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "23a43849dfaa80bad2ca4f46b53181b3a4855ee89673ae9b658c854069b9aaa9" score = 75 quality = 85 @@ -323442,8 +324030,8 @@ rule SIGNATURE_BASE_APT_Sandworm_SSHD_Config_Modification_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L33-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L33-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5775588b3a9d44e9eb2c8ef0f50351d7e3b06f1005f669775fae7187900d5999" score = 75 quality = 85 
@@ -323467,8 +324055,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Initfile_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L51-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L51-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "989f37069820d9ecf67dc71e4761a7cde2c1adf8db40b5f8a47e9c610ddec2e6" score = 75 quality = 85 @@ -323492,8 +324080,8 @@ rule SIGNATURE_BASE_APT_Sandworm_User_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L68-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L68-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d052792a674dfa2d93a048b550ea085c3b9225662fdb09bf4a602093b0527e38" score = 75 quality = 85 
@@ -323518,8 +324106,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_PHP_Sandworm_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L86-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L86-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d10f618c7b465c7691d6054e994a76f56c12eb0a36d2d98b5accd2c1e2c1da7" score = 75 quality = 85 @@ -323543,8 +324131,8 @@ rule SIGNATURE_BASE_APT_SH_Sandworm_Shell_Script_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L103-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L103-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b9116585e74ad6159cd31c0c8a84566f981a62ca5b5f82ace8b855a180461071" score = 75 quality = 60 
@@ -323577,8 +324165,8 @@ rule SIGNATURE_BASE_APT_RU_Sandworm_PY_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://twitter.com/billyleonard/status/1266054881225236482" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L131-L148" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L131-L148" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ccc4c7fc75c04cbcab34904de2e7ab055a15c1017ec0f8d01b06454f4395047" score = 75 quality = 85 @@ -323602,8 +324190,8 @@ rule SIGNATURE_BASE_APT_RU_Sandworm_PY_May20_2 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://twitter.com/billyleonard/status/1266054881225236482" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sandworm_exim_expl.yar#L150-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sandworm_exim_expl.yar#L150-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5fb61a9cef64ecf97adc78bf67db667cfd9e5e6f3e03f1bba8f3cdbf6c257520" score = 75 quality = 85 
@@ -323628,8 +324216,8 @@ rule SIGNATURE_BASE_Icefog_Malware_Feb18_1 : FILE date = "2018-02-26" modified = "2023-01-06" reference = "https://twitter.com/ClearskySec/status/968104465818669057" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_icefog.yar#L11-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_icefog.yar#L11-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8bba0f7f6f6aad6586c2c5ed29f30514d2f88703134f331724cc2ff86ccffe87" score = 75 quality = 85 @@ -323659,8 +324247,8 @@ rule SIGNATURE_BASE_MAL_Winnti_BR_Report_Twinpeaks : FILE date = "2019-07-24" modified = "2023-12-05" reference = "https://github.com/br-data/2019-winnti-analyse" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_br.yar#L3-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_br.yar#L3-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "76457f5aa4cc4bf4f43ffbaa60d63006455977e881f1d74b845835c505a93fed" score = 75 quality = 85 
@@ -323683,8 +324271,8 @@ rule SIGNATURE_BASE_MAL_BR_Report_Thedao : FILE date = "2019-07-24" modified = "2023-12-05" reference = "https://github.com/br-data/2019-winnti-analyse" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_br.yar#L17-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_br.yar#L17-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "798b092b7667462aa66590603504cb0cd1166e4ac3472627cd8cd8fdf8f0b778" score = 75 quality = 60 @@ -323705,8 +324293,8 @@ rule SIGNATURE_BASE_MAL_Winnti_BR_Report_Mockingjay : FILE date = "2019-07-24" modified = "2023-12-05" reference = "https://github.com/br-data/2019-winnti-analyse" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_br.yar#L30-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_br.yar#L30-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7a63b6f10cc5feebba16e585cb29d741876e1dc7f4dde3ef43ac76db9c7ad135" score = 75 quality = 85 
@@ -323729,8 +324317,8 @@ rule SIGNATURE_BASE_VULN_Keepass_DB_Brute_Forcible : FILE date = "2023-07-20" modified = "2023-12-05" reference = "https://keepass.info/help/base/security.html#secdictprotect" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_keepass_brute_forcible.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_keepass_brute_forcible.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14460f7d4976a3bbd6de2f7cfccfbfec35eb780ab762396a6490669ddde59ce8" score = 60 quality = 85 @@ -323752,8 +324340,8 @@ rule SIGNATURE_BASE_APT_MAL_Maldoc_Cloudatlas_Oct20_1 : FILE date = "2020-10-13" modified = "2023-12-05" reference = "https://twitter.com/jfslowik/status/1316050637092651009" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cloudatlas.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cloudatlas.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "772bdd8ec89edf2054e675e9ecb321a7bfe0307a7086a4e5b65f8d8b8cf80ecc" score = 75 quality = 85 
@@ -323775,8 +324363,8 @@ rule SIGNATURE_BASE_APT_MAL_URL_Cloudatlas_Oct20_2 : FILE date = "2020-10-13" modified = "2023-12-05" reference = "https://twitter.com/jfslowik/status/1316050637092651009" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cloudatlas.yar#L18-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cloudatlas.yar#L18-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8bb60c262a34babbe8839f5d39d1c972eeb41ea77eaae02cc877d908c7033f13" score = 75 quality = 85 @@ -323801,8 +324389,8 @@ rule SIGNATURE_BASE_WEBSHELL_APT_PHP_DEWMODE_UNC2546_Feb21_1 : FILE date = "2021-02-22" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc2546_dewmode.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc2546_dewmode.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "86ce185f6350eb7485bce5bd31d91085fed25aa8ce78813e1c3c3dffbaae58ff" score = 75 quality = 60 
@@ -323832,8 +324420,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_1 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L11-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L11-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad3018e6aa377b5032b04226ecb1e27b2cc7bc8294455ea51e426b5182ed7821" score = 75 quality = 85 @@ -323856,8 +324444,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_2 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L26-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L26-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e31ade3690938fe0999423fbe446d9426e14abd01ebbada4eed8bddb1e2c9ea6" score = 75 quality = 85 
@@ -323880,8 +324468,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_3 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L41-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L41-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6920febf177667610e3edb8ba88ec137d085a867c1d6a570d4785fcc9cc62d49" score = 75 quality = 85 @@ -323909,8 +324497,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_4 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L61-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L61-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8011497e7d061a9ebde06667e47b5cd9469a433e0be1401d70637e7ace8e8155" score = 75 quality = 85 
@@ -323934,8 +324522,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_5 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L77-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L77-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fbc1a2e078cfae7a9c72612b9c769e84d8c1d59c89e05001571ad00071e38577" score = 75 quality = 85 @@ -323962,8 +324550,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_6 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L97-L111" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L97-L111" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2de78012cc384211cef6c12817fd8cef9d93eef6de3197d0cfec64c1a8022ae3" score = 75 quality = 85 
@@ -323987,8 +324575,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_7 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L113-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L113-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87ab6cd5c769e7e38bef807fa7d15af3a66fed8fdb7fed49fa62d87e1049ceb4" score = 75 quality = 85 @@ -324014,8 +324602,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_8 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L131-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L131-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a1d5e72970919cd5c0493f8882cbc6fb1bb3c5b6517813a4022efd0028dfe728" score = 75 quality = 85 
@@ -324041,8 +324629,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_9 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L149-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L149-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "af4b85ef01c4fa21a2506369f3bc0f8eff6e95a4cfd494e1ea11a44d75bb024e" score = 75 quality = 85 @@ -324066,8 +324654,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Nflogger : FILE date = "2017-02-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L165-L178" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L165-L178" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dc9b19e3c4c321cb9f840ec9ff78bec9e4a075cc62ea2823d92a3fbd9f99cc07" score = 75 quality = 85 
@@ -324090,8 +324678,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Go : FILE date = "2017-02-04" modified = "2023-01-06" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L180-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L180-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf5e2d825e4bd63e94455ffb4013fa1088098a826390c1916c0aa50866588fcb" score = 75 quality = 85 @@ -324122,8 +324710,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Mcutil : FILE date = "2017-02-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L205-L223" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L205-L223" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "edb6000fd65d6593bd94842e60ec099c5a652d10005f81d17063dba1a2e267d2" score = 75 quality = 85 
@@ -324151,8 +324739,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Zlh : FILE date = "2017-02-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_pp_zerot.yar#L225-L241" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_pp_zerot.yar#L225-L241" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26796f75a8302bd6c93eb3ea43d0491b86770b52bd11aad6e1e250d968a77004" score = 75 quality = 85 @@ -324178,8 +324766,8 @@ rule SIGNATURE_BASE_CHAOS_Payload : FILE date = "2017-07-15" modified = "2023-12-05" reference = "https://github.com/tiagorlampert/CHAOS" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_chaos_payload.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_chaos_payload.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ca409d3d0430fbc4c5ae52ce22616132da3a90c1ec3889571c6314e8787eee67" score = 80 quality = 85 
@@ -324203,8 +324791,8 @@ rule SIGNATURE_BASE_M_APT_Downloader_BEATDROP : FILE date = "2022-04-28" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_apr22.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_apr22.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7a766682cc9a057798cc569111bfcb611648c4a052c0dd664d983b80d5891255" score = 90 quality = 85 @@ -324229,8 +324817,8 @@ rule SIGNATURE_BASE_M_APT_Downloader_BOOMMIC : FILE date = "2022-04-28" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_apr22.yar#L19-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_apr22.yar#L19-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c561b19464597f896d31307c0383fbc639cf4211600513e1251a3f59405bfed6" score = 75 quality = 85 
@@ -324254,8 +324842,8 @@ rule SIGNATURE_BASE_SUSP_BAT2EXE_Bdargo_Converted_BAT : FILE date = "2018-07-28" modified = "2022-06-23" reference = "https://www.majorgeeks.com/files/details/advanced_bat_to_exe_converter.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_bat2exe.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_bat2exe.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "978aa25f1abd0cbd36e55da2b1ed4478a3a5b8b814988669c70e219cc2dd1afd" score = 45 quality = 85 @@ -324285,8 +324873,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_1 : FILE date = "2017-05-04" modified = "2023-01-06" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_snaketurla_osx.yar#L11-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_snaketurla_osx.yar#L11-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "12b18c9e03f1a471541de2fb3ecc6b90a13910ca299a9b7d2bad9dd11f881506" score = 75 quality = 85 
@@ -324309,8 +324897,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_2 : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_snaketurla_osx.yar#L27-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_snaketurla_osx.yar#L27-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "35bd8650afbc515ecd1cef393fd75f9b77a1e31111612227f0f4557fe8b312a7" score = 75 quality = 85 @@ -324335,8 +324923,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_4 : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_snaketurla_osx.yar#L44-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_snaketurla_osx.yar#L44-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7b6aac2313ea7dae572114e92ad0b5437c5be2542853de3b184bef780faee68b" score = 75 quality = 85 
@@ -324359,8 +324947,8 @@ rule SIGNATURE_BASE_Snaketurla_Installd_SH : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_snaketurla_osx.yar#L59-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_snaketurla_osx.yar#L59-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b16107434951ddb212996909d53dfbcdae74ed13df6690ce3f6c74258ab4670" score = 75 quality = 85 @@ -324383,8 +324971,8 @@ rule SIGNATURE_BASE_Snaketurla_Install_SH : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_snaketurla_osx.yar#L74-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_snaketurla_osx.yar#L74-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "019d20ca6632759cf01962d336c22831edc64b6927d8b27d026b76eb118fce02" score = 75 quality = 85 
@@ -324407,8 +324995,8 @@ rule SIGNATURE_BASE_Pos_Malware_Malumpos date = "2015-05-25" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malumpos.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malumpos.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ece32e51a12adf0d68420c8d98efbe7df27b9061ddfe4dcedf151f9f06287eee" score = 75 quality = 60 @@ -324434,8 +325022,8 @@ rule SIGNATURE_BASE_Uboatrat : FILE date = "2017-11-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uboat_rat.yar#L9-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uboat_rat.yar#L9-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d0837607d1a5efd9986eccf98f108633502a09dbf8c4c94fc0f0247060bc3a8" score = 75 quality = 83 
@@ -324473,8 +325061,8 @@ rule SIGNATURE_BASE_Uboatrat_Dropper : FILE date = "2017-11-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_uboat_rat.yar#L52-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_uboat_rat.yar#L52-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f8dcc8559fa0ab1644ef6bab9bc875f3d62391c157b373e0355ad03d35e5601" score = 75 quality = 85 @@ -324501,8 +325089,8 @@ rule SIGNATURE_BASE_MAL_CMD_Script_Obfuscated_Feb19_1 : FILE date = "2019-03-01" modified = "2023-12-05" reference = "https://twitter.com/DbgShell/status/1101076457189793793" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cmd_script_obfuscated.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cmd_script_obfuscated.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71c8831686796c921674ec293b5bdf2c42ae9069b258c85c9e0ca6a7f972daf8" score = 75 quality = 85 
@@ -324525,8 +325113,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_7Z_SFX_Combo : FILE date = "2018-09-16" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_sfx_with_microsoft_copyright.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_sfx_with_microsoft_copyright.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f48887e0c1031d180e25f2d1b9e016d434f594aef283ab3af8418e86496d2eac" score = 65 quality = 85 @@ -324557,8 +325145,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_RAR_SFX_Combo : FILE date = "2018-09-16" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_sfx_with_microsoft_copyright.yar#L27-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_sfx_with_microsoft_copyright.yar#L27-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a0f29fcf86139a6f95b4ab0095154bd26b555f1576b5a2e263c1939bc30e3431" score = 65 quality = 85 
@@ -324590,8 +325178,8 @@ rule SIGNATURE_BASE_SUSP_Fake_AMSI_DLL_Jun23_1 : FILE date = "2023-06-07" modified = "2023-06-12" reference = "https://twitter.com/eversinc33/status/1666121784192581633?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_fake_amsi_dll.yar#L3-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_fake_amsi_dll.yar#L3-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec3db233ab22144bc65614b45bb894a7ea5a4fd40ccb603e6e52cc1b9ff8805b" score = 65 quality = 85 @@ -324618,8 +325206,8 @@ rule SIGNATURE_BASE_Xdedic_Sysscan_Unpacked : CRIMEWARE FILE date = "2016-03-14" modified = "2023-12-05" reference = "https://securelist.com/blog/research/75027/xdedic-the-shady-world-of-hacked-servers-for-sale/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sysscan.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sysscan.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "df0834e89c512721547001c910c1461f028a46e954dd51017d4e8bde7893d04a" score = 75 quality = 85 
@@ -324654,8 +325242,8 @@ rule SIGNATURE_BASE_Xdedic_Packed_Syscan : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sysscan.yar#L29-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sysscan.yar#L29-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "04eb5b056e892b2c2cf87e3770847226cccaceb1c743f3b9f8ac548026747ccf" score = 75 quality = 83 @@ -324678,8 +325266,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Rel : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5367e183df155e3133d916f7080ef973f7741d34" logic_hash = "f2ffab73993c578f47e17babc2e65301b3720e438b33e57f2af31b7183bfd20f" score = 70 
@@ -324713,8 +325301,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Rel_2 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L30-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L30-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f97e01ee04970d1fc4d988a9e9f0f223ef2a6381" logic_hash = "60a48288cb106135728fb676ecad2b9be5254d5dc5094da158ea9dc07704c9ab" score = 70 @@ -324752,8 +325340,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_PSAPI : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L61-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L61-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f93a7945a33145bb6c106a51f08d8f44eab1cdf5" logic_hash = "b73f1db2ca8a3164562314ebd9903c864eb2690c95731959df0e99656544ed40" score = 70 
@@ -324780,8 +325368,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_WUAUCLT date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L81-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L81-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fd5ca5a2d444865fa8320337467313e4026b9f78" logic_hash = "49cae3b727d6b2673dc9a6497d59c9abdd78d486e1eaf6f036f6eb1aef9a8fcb" score = 70 @@ -324815,8 +325403,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Gen1 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L110-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L110-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8054195f212017fb17953728a7df34645d81c93fee75300e44f467c6aa5efaff" score = 75 quality = 85 
@@ -324847,8 +325435,8 @@ rule SIGNATURE_BASE_Malware_Msupdater_String_In_EXE : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L133-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L133-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b1a2043b7658af4d4c9395fa77fde18ccaf549bb" logic_hash = "2b7a43aee6dbac1bfa7d9e0331cb078394ae78a1ec44c1a4a70a63b38595abe0" score = 50 @@ -324878,8 +325466,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_3 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L158-L175" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L158-L175" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "464149ff23f9c7f4ab2f5cadb76a4f41f969bed0" logic_hash = "09e7da7f2bfbae9252502ea1ea61b612c1af2e4c70508b34e685b46429d4613c" score = 70 
@@ -324905,8 +325493,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_1 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L177-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L177-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b55072b67543f58c096571c841a560c53d72f01a" logic_hash = "038be28609df0187cbbce0d16fee7c902b742458f1201ff3c0d5fde19acd2c56" score = 70 @@ -324936,8 +325524,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_2 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L202-L236" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L202-L236" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "365b5537e3495f8ecfabe2597399b1f1226879b1" logic_hash = "47d75e589d47a39d5a9c9e0047a143074d3d74b5541adf8cb3be968da732a96d" score = 70 
@@ -324980,8 +325568,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Gen4 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_putterpanda.yar#L238-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_putterpanda.yar#L238-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d450935febe5d6db14be1e7694db1d7b9e8fcacf013920e89c7b25659254310" score = 70 quality = 85 @@ -325022,8 +325610,8 @@ rule SIGNATURE_BASE_MAL_LNX_PLAGUE_BACKDOOR_Jul25 : FILE date = "2025-07-25" modified = "2025-09-17" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lnx_plague.yar#L1-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lnx_plague.yar#L1-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "14b0c90a2eff6b94b9c5160875fcf29aff15dcfdfd3402d953441d9b0dca8b39" hash = "7c3ada3f63a32f4727c62067d13e40bcb9aa9cbec8fb7e99a319931fc5a9332e" logic_hash = "9ef7d8153c8567f85b8713467bf5b175e0c2af050e1f275fb2441bbca8d20a79" 
@@ -325056,8 +325644,8 @@ rule SIGNATURE_BASE_Codoso_Plugx_3 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L11-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L11-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "74e1e83ac69e45a3bee78ac2fac00f9e897f281ea75ed179737e9b6fe39971e3" logic_hash = "51615c2583bb672f148f216e4856e7e346b17884f0740d69f6a24f08b594bda4" score = 75 @@ -325083,8 +325671,8 @@ rule SIGNATURE_BASE_Codoso_Plugx_2 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b9510e4484fa7e3034228337768176fce822162ad819539c6ca3631deac043eb" logic_hash = "5ee652a135d4865340d2ce6421144ec76ccc7ab69704e92904b2e2ebfc72edfc" score = 75 
@@ -325111,8 +325699,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp_4 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L46-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L46-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fcabbd37acf75e1233894682e77abad95a849ed68c7e8ce2690dde03d8160f8b" score = 75 quality = 85 @@ -325145,8 +325733,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp_3 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L72-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L72-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d66106ec2e743dae1d71b60a602ca713b93077f56a47045f4fc9143aa3957090" logic_hash = "fb486985587fc28c45cbdf6a63550e60e8d6c18f218544adc19c5604193fe8ea" score = 75 
@@ -325177,8 +325765,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp_2 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L94-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L94-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3577845d71ae995762d4a8f43b21ada49d809f95c127b770aff00ae0b64264a3" logic_hash = "a355ac60dca5ca880a90a5c2720690b4691630fd434411758fa7ff006f7389ba" score = 75 @@ -325208,8 +325796,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_6 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L115-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L115-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4b16f6e8414d4192d0286b273b254fa1bd633f5d3d07ceebd03dfdfc32d0f17f" logic_hash = "0907274bd6c97b7d7b2913e42aa748c92012aeeb32196ddcbcd30332f4e95ac9" score = 75 
@@ -325233,8 +325821,8 @@ rule SIGNATURE_BASE_Codoso_Gh0St_3 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L130-L151" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L130-L151" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bf52ca4d4077ae7e840cf6cd11fdec0bb5be890ddd5687af5cfa581c8c015fcd" logic_hash = "e24d434d8f08b83f8e4b1f4aa75a84a040e4f56cdbd9a58ff49c463437e78c24" score = 75 @@ -325264,8 +325852,8 @@ rule SIGNATURE_BASE_Codoso_Gh0St_2 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L152-L170" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L152-L170" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5402c785037614d09ad41e41e11093635455b53afd55aa054a09a84274725841" logic_hash = "5864e52820578769a31a6925795d13283d7b3bc5f9ac50ac8aea6578a5919e71" score = 75 
@@ -325293,8 +325881,8 @@ rule SIGNATURE_BASE_Codoso_Customtcp : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L171-L188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L171-L188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b95d7f56a686a05398198d317c805924c36f3abacbb1b9e3f590ec0d59f845d8" logic_hash = "4f0333de25b9f84ecaa3e63c5f600f53929244cd63a681d21cb78cfe17ca15f9" score = 75 @@ -325321,8 +325909,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_5 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L192-L208" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L192-L208" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e248bada3ac46611bbe2cf1e1afee902191a2c1fb9611c4a052318e5e093b015" score = 75 quality = 85 
@@ -325348,8 +325936,8 @@ rule SIGNATURE_BASE_Codoso_Gh0St_1 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L209-L247" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L209-L247" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "799ae0946464e5b4980f792e525da9eec46aa7844ec977f892a80f58d8b22afd" score = 75 quality = 85 @@ -325393,8 +325981,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_4 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L248-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L248-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f24100c0fe837511ce6144224eda397fed3931072e364f1b5be49c7bb4102aa4" score = 75 quality = 85 
@@ -325430,8 +326018,8 @@ rule SIGNATURE_BASE_Codoso_Plugx_1 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L276-L294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L276-L294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "34736c85699a94b1413e5f9934e1a55841e8296df61d558bccf2d477e545d156" score = 75 quality = 85 @@ -325459,8 +326047,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_3 date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L295-L314" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L295-L314" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "371a91b08747b8025baba79797baf9f29487f9c3541f27fc2c2716b531d30b54" score = 75 quality = 85 
@@ -325489,8 +326077,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_2 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L315-L337" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L315-L337" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7eab3d398b5172127383047de7106a9713ec5b149f8e8ca1506b3382b007f648" score = 75 quality = 85 @@ -325522,8 +326110,8 @@ rule SIGNATURE_BASE_Codoso_PGV_PVID_1 : FILE date = "2016-01-30" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/exploring-bergard-old-malware-new-tricks" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_codoso.yar#L339-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_codoso.yar#L339-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8cecf96c7732becf83eb900bc36fa44daee466da6b483ea4f8c25ae9aeffcb7b" score = 75 quality = 85 
@@ -325560,8 +326148,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Isaacwiper_Mar22_1 : FILE date = "2022-03-03" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ua_isaacwiper.yar#L3-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ua_isaacwiper.yar#L3-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6fe7d1536db5fc30c9b4a171be66993fc69e6a1d96dae00be4170bdb4a53afb8" score = 85 quality = 85 @@ -325590,8 +326178,8 @@ rule SIGNATURE_BASE_Bronzebutler_Daserf_Delphi_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L13-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L13-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6034a6746a5bd762d869ad2e791d80aca8a1251afa9386d6b657f23092c6fc42" score = 75 quality = 85 
@@ -325625,8 +326213,8 @@ rule SIGNATURE_BASE_Bronzebutler_Daserf_C_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L38-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L38-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0b0c05db41d6b6ac48b31d8c22aead301470f465c2840ddc98ed9577d0aaa50b" score = 75 quality = 85 @@ -325670,8 +326258,8 @@ rule SIGNATURE_BASE_Bronzebutler_Dget_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L80-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L80-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d5537f581039fa4561950402a34cbd9abd54c167d659fbbe74f1cb83217e3fb" score = 75 quality = 85 
@@ -325694,8 +326282,8 @@ rule SIGNATURE_BASE_Bronzebutler_Uacbypass_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L95-L113" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L95-L113" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64b70b9f5963be9009025c14a6e98be9642599af5226f77946b6255116fc22d8" score = 75 quality = 85 @@ -325723,8 +326311,8 @@ rule SIGNATURE_BASE_Bronzebutler_Xxmm_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L115-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L115-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb9c12cbe2fe132a9588b744d10caee12716f622c31da8a1cee4c0f88d693e8e" score = 75 quality = 85 
@@ -325755,8 +326343,8 @@ rule SIGNATURE_BASE_Bronzebutler_Rarstar_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L142-L158" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L142-L158" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0e418e595020d91c575051c3b1639b09efad150c625b62eec3d1331f9792641b" score = 75 quality = 85 @@ -325782,8 +326370,8 @@ rule SIGNATURE_BASE_Daserf_Nov1_Bronzebutler : FILE date = "2017-11-08" modified = "2023-12-05" reference = "https://goo.gl/ffeCfd" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bronze_butler.yar#L170-L196" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bronze_butler.yar#L170-L196" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "75edc17c51f4ea82ff7722df2f5825721ff64445fb8c78b450f1333bd32b5829" score = 75 quality = 85 
@@ -325816,8 +326404,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample1 : FILE date = "2016-06-14" modified = "2023-12-05" reference = "http://goo.gl/mzAa97" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_jun16.yar#L10-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_jun16.yar#L10-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "761cec3d04e6b5273cfb450000023ed10ea73d17648c0af7660f4ef2b37fc31c" score = 85 quality = 85 @@ -325841,8 +326429,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample2 : FILE date = "2016-06-14" modified = "2023-12-05" reference = "http://goo.gl/mzAa97" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_jun16.yar#L27-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_jun16.yar#L27-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a1f334996527556334c34d0308da6165e9d2a3d7eb8b2ecc322b574dea4d4844" score = 85 quality = 85 
@@ -325872,8 +326460,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample3 : FILE date = "2016-06-14" modified = "2023-12-05" reference = "http://goo.gl/mzAa97" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sofacy_jun16.yar#L51-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sofacy_jun16.yar#L51-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bdc6fcc30ebd7a966391747e4156a6d94dc9187e8b8898de4c441540ec4e637e" score = 85 quality = 85 @@ -325894,12 +326482,12 @@ rule SIGNATURE_BASE_SUSP_Two_Byte_XOR_PE_And_MZ : FILE author = "Wesley Shields " id = "ddb87194-bafb-597d-9184-fe4fe3c5ce8d" date = "2021-10-11" - modified = "2023-12-05" + modified = "2025-11-03" reference = "https://gist.github.com/wxsBSD/bf7b88b27e9f879016b5ce2c778d3e83" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xored_pe.yar#L2-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xored_pe.yar#L1-L12" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a43ff9ec966df72ef35fb9ba9bbbd6f8b0f3761669bb91dc5919645d6327174" - score = 70 + score = 60 quality = 85 tags = "FILE" 
@@ -325913,12 +326501,12 @@ rule SIGNATURE_BASE_SUSP_Four_Byte_XOR_PE_And_MZ : FILE author = "Wesley Shields " id = "d7b4b462-dfde-5d1f-8039-63522436c15f" date = "2021-10-11" - modified = "2023-12-05" + modified = "2025-11-03" reference = "https://gist.github.com/wxsBSD/bf7b88b27e9f879016b5ce2c778d3e83" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xored_pe.yar#L15-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xored_pe.yar#L14-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "28230cd3c1d1da97a98df09243593eb59b57f376f651d5f22c3ea5903f0f73e4" - score = 70 + score = 60 quality = 85 tags = "FILE" @@ -325934,8 +326522,8 @@ rule SIGNATURE_BASE_Crime_Ole_Loadswf_Cve_2018_4878 : PURPORTED_NORTH_KOREAN_ACT date = "2025-01-01" modified = "2023-12-05" reference = "hxxps://www[.]krcert[.]or[.kr/data/secNoticeView.do?bulletin_writing_sequence=26998" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ole_loadswf_cve_2018_4878.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ole_loadswf_cve_2018_4878.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "716cad0c5a12cc360522e2649c7870a493bef4bec3d55c3a3e235f3a85c02a56" score = 75 quality = 85 
@@ -325969,8 +326557,8 @@ rule SIGNATURE_BASE_NK_Miner_Malware_Jan18_1 : FILE date = "2018-01-09" modified = "2023-12-05" reference = "https://goo.gl/PChE1z" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_nkminer.yar#L11-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_nkminer.yar#L11-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb75fe7d70b547a4774b74c01e11479949dfccb8645af330f87b51daaf0d8dbf" score = 75 quality = 85 @@ -326006,8 +326594,8 @@ rule SIGNATURE_BASE_APT_Liudoor : WIN32_DLL date = "2015-07-23" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_terracotta_liudoor.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_terracotta_liudoor.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f60002d0173a8ebd2b407e79377d4816e699742aedb1e0649b08fd4ca6cf359" score = 75 quality = 85 
@@ -326042,8 +326630,8 @@ rule SIGNATURE_BASE_APT_Pupyrat_PY : FILE date = "2017-02-17" modified = "2023-12-05" reference = "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_magichound.yar#L10-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_magichound.yar#L10-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b30bc3082be3229ea2ef5d7c51ab6f97df2f612c80c45892e1a13fde1fb56725" score = 75 quality = 85 @@ -326071,8 +326659,8 @@ rule SIGNATURE_BASE_APT_Magichound_Malmacro : FILE date = "2017-02-17" modified = "2023-12-05" reference = "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_magichound.yar#L33-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_magichound.yar#L33-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "198c6e7ab957d5c1bb45449b0b2210532e97ed11700f8435201200746e0dfa48" score = 75 quality = 85 
@@ -326100,8 +326688,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_3 modified = "2025-03-21" old_rule_name = "Webshell_h4ntu_shell_powered_by_tsoi_" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L32-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L32-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "06ed0b2398f8096f1bebf092d0526137" logic_hash = "871e9a057ca3920fcebaec5c2555c2d936d813c0d8bb2a6a69726dee7a796ff8" score = 70 @@ -326126,8 +326714,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi : FILE modified = "2025-03-21" old_rule_name = "Webshell_h4ntu_shell__powered_by_tsoi_" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "06ed0b2398f8096f1bebf092d0526137" logic_hash = "3d9b568a66f3e6933b385fed30921883dd7be17863670c648702ae3403b6e8a1" score = 80 
@@ -326148,10 +326736,10 @@ rule SIGNATURE_BASE_Webshell_PHP_Sql author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L65-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L65-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2cf20a207695bbc2311a998d1d795c35" logic_hash = "83049c3c5bce88d239b59accb173e234c3169f59187de17b7e6c2a0aa58a552f" score = 70 @@ -326173,10 +326761,10 @@ rule SIGNATURE_BASE_Webshell_PHP_A author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L80-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L80-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e3b461f7464d81f5022419d87315a90d" logic_hash = "6bdd5fbe9b16f2d84b884239cf3b6453587933c6b0c4308508d10019b4f36e38" score = 70 
@@ -326199,10 +326787,10 @@ rule SIGNATURE_BASE_Webshell_Imhapftp_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L96-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L96-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "12911b73bc6a5d313b494102abcf5c57" logic_hash = "9099504870c1e466808060f11aea38472832846d24e3c84fdd69b7d26bfed69d" score = 70 @@ -326224,10 +326812,10 @@ rule SIGNATURE_BASE_Webshell_Jspspyweb author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L111-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L111-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4e9be07e95fff820a9299f3fb4ace059" logic_hash = "491d9c4efee27469f2a26f6fcb7f7c768eac60977e640096ea5f78ff346e7fbe" score = 70 
@@ -326249,10 +326837,10 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L126-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L126-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "49ad9117c96419c35987aaa7e2230f63" logic_hash = "d3d27d80f5f3adbc050a59d0c25953ec5d634344b5d051a4abdf4eeed3b8b035" score = 70 @@ -326274,10 +326862,10 @@ rule SIGNATURE_BASE_Webshell_Simattacker_Vrsion_1_0_0_Priv8_4_My_Friend author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L141-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L141-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "089ff24d978aeff2b4b2869f0c7d38a3" logic_hash = "fc553942b06b305f7b0d5b072a8d4517b0e51229545440ea9c43e9be01d64efa" score = 70 
@@ -326299,10 +326887,10 @@ rule SIGNATURE_BASE_Webshell_Phpshell_2_1_Pwhash author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L156-L170" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L156-L170" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ba120abac165a5a30044428fac1970d8" logic_hash = "616c0570550cdb9394b5675864d4eec3fa62390f880817406b2a3b63952b69f0" score = 70 @@ -326324,10 +326912,10 @@ rule SIGNATURE_BASE_Webshell_Phpremoteview author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L171-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L171-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "29420106d9a81553ef0d1ca72b9934d9" logic_hash = "2de48b8640c0f2089a4a0badb4429127cb61ac972459290041e20b959e4e0c05" score = 70 
@@ -326349,10 +326937,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_12302 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L186-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L186-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a3930518ea57d899457a62f372205f7f" logic_hash = "0959a138abc791f17344e25e84b24888ddfe238981fc7e3ffd76c0390006ea46" score = 70 @@ -326375,10 +326963,10 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Guo author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L202-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L202-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9e69a8f499c660ee0b4796af14dc08f0" logic_hash = "efb7055f42dd6be41ea3983cacea1a70b83675c8ebcb88ae3b250066a29e94eb" score = 70 
@@ -326400,10 +326988,10 @@ rule SIGNATURE_BASE_Webshell_PHP_Redcod author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L217-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L217-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5c1c8120d82f46ff9d813fbe3354bac5" logic_hash = "eddfd90d27793756bcc685ffe33b2dabc3bb28b9654c33a0f99359e8b6f13678" score = 70 @@ -326425,10 +327013,10 @@ rule SIGNATURE_BASE_Webshell_Remview_Fix author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L232-L246" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L232-L246" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a24b7c492f5f00e2a19b0fa2eb9c3697" logic_hash = "0b29ef74fb0786aefe99281360dc4fe27005eac345a36bc14259afa6fc555303" score = 70 
@@ -326450,10 +327038,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Cmd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L247-L262" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L247-L262" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "895ca846858c315a3ff8daa7c55b3119" logic_hash = "8e72b54267c2f83b288cdd43ccd56ae4ab1f95c17f4dde077e637d951df54866" score = 70 @@ -326476,10 +327064,10 @@ rule SIGNATURE_BASE_Webshell_Php_Sh_Server author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L263-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L263-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d87b019e74064aa90e2bb143e5e16cfa" logic_hash = "9f4d940a381e7bd298a252f485d5f1d26fd191c27f6e86e8fa6028237592a8c3" score = 50 
@@ -326500,10 +327088,10 @@ rule SIGNATURE_BASE_Webshell_PH_Vayv_PH_Vayv author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L277-L291" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L277-L291" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "35fb37f3c806718545d97c6559abd262" logic_hash = "8769400b7b6828849f27092d790d291721c7e1b39dfd2080de5da8e59dd25523" score = 70 @@ -326525,10 +327113,10 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Ice author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L292-L305" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L292-L305" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6560b436d3d3bb75e2ef3f032151d139" logic_hash = "d92cc9ac8630b40f23b9ff7cda5a237b4885d30de4b9b497be7512e7eb020a09" score = 70 
@@ -326549,10 +327137,10 @@ rule SIGNATURE_BASE_Webshell_Cihshell_Fix author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L306-L320" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L306-L320" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3823ac218032549b86ee7c26f10c4cb5" logic_hash = "59ae76d6828d8c0ddcbafa19063e6dcf25c826386f46df2b8f9674b628365a2b" score = 70 @@ -326574,10 +327162,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Shell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L321-L335" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L321-L335" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e63f5a96570e1faf4c7b8ca6df750237" logic_hash = "5cc698e4ff23ca296b339589d12c24e67c99272e73445604a4552d3023e19636" score = 70 
@@ -326599,10 +327187,10 @@ rule SIGNATURE_BASE_Webshell_Private_I3Lue author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L336-L349" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L336-L349" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "13f5c7a035ecce5f9f380967cf9d4e92" logic_hash = "274586f2c451eda45c3a52b615961dbba806f8d25e34cc358e661fcfd1143d08" score = 70 @@ -326623,10 +327211,10 @@ rule SIGNATURE_BASE_Webshell_Php_Up author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L350-L365" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L350-L365" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7edefb8bd0876c41906f4b39b52cd0ef" logic_hash = "22f444ce4068f46c0b57e566faca0c6377346e403de592b0e51869781fda31a9" score = 70 
@@ -326649,10 +327237,10 @@ rule SIGNATURE_BASE_Webshell_Mysql_Interface_V1_0 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L366-L379" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L366-L379" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a12fc0a3d31e2f89727b9678148cd487" logic_hash = "baa938c4cfd2c46b1752d866e186d76a04c353617d8ec3e0d78a3c546b120d13" score = 70 @@ -326673,10 +327261,10 @@ rule SIGNATURE_BASE_Webshell_Php_S_U author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L380-L393" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L380-L393" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "efc7ba1a4023bcf40f5e912f1dd85b5a" logic_hash = "3c6904fa475784e737275fd47eabea077bed57e920071c68fa09f7defecbdb72" score = 70 
@@ -326697,10 +327285,10 @@ rule SIGNATURE_BASE_Webshell_Phpshell_2_1_Config author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L394-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L394-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bd83144a649c5cc21ac41b505a36a8f3" logic_hash = "51d16bcaef5f6795ebcd1154dca79d5cf5a389948b0e59f4939c30fef877e816" score = 70 @@ -326721,10 +327309,10 @@ rule SIGNATURE_BASE_Webshell_Asp_EFSO_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L408-L421" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L408-L421" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a341270f9ebd01320a7490c12cb2e64c" logic_hash = "19bd00fabe0b4695129c180dd145e757e0b2c2a6dad751e8c889222c191e03ce" score = 70 
@@ -326745,10 +327333,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Up author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L422-L435" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L422-L435" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "515a5dd86fe48f673b72422cccf5a585" logic_hash = "77c8121d000c45e44717689dec535fde7c9722005d1e4ff40d0b84abcf289f47" score = 70 @@ -326769,10 +327357,10 @@ rule SIGNATURE_BASE_Webshell_Networkfilemanagerphp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L436-L449" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L436-L449" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "acdbba993a5a4186fd864c5e4ea0ba4f" logic_hash = "235e4062a9b9ebdf7dd0b8a2cb3b16ba7688a75b90d8c527344cf9605304838d" score = 70 
@@ -326793,10 +327381,10 @@ rule SIGNATURE_BASE_Webshell_Server_Variables author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L450-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L450-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "47fb8a647e441488b30f92b4d39003d7" logic_hash = "2a85301f1d6e4c457ff0a1b2a08eb6f054905993a0667087f37b9a7352e38911" score = 70 @@ -326818,10 +327406,10 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Ice_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L465-L478" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L465-L478" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1d6335247f58e0a5b03e17977888f5f2" logic_hash = "57c3c369abd826d676290300d8df2d890b777fa1f0e1156654062159a4228db7" score = 70 
@@ -326842,10 +327430,10 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Mdb author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L479-L492" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L479-L492" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fbf3847acef4844f3a0d04230f6b9ff9" logic_hash = "89f7692acd754992f9379b9b4661a01d6ab95cb85a3c2699928aa5ed3a3ac8c5" score = 70 @@ -326866,10 +327454,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Guige author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L493-L506" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L493-L506" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2c9f2dafa06332957127e2c713aacdd2" logic_hash = "9d71095b5c709dfdd8b5fcebcaa4493d9c93e841e85cda2e2255e0c15ea83659" score = 70 
@@ -326890,10 +327478,10 @@ rule SIGNATURE_BASE_Webshell_Phpspy2010 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L507-L522" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L507-L522" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "14ae0e4f5349924a5047fed9f3b105c5" logic_hash = "b3acef196b30cf9afe24c81860bedff69fc5652c514aa36aba85d16b12bcc432" score = 70 @@ -326916,10 +327504,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Ice author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L523-L536" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L523-L536" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d141e011a92f48da72728c35f1934a2b" logic_hash = "524419e802d3cb6ac310565af22ec28044984aa4b1b2ee1cfbd292afd071709c" score = 70 
@@ -326940,10 +327528,10 @@ rule SIGNATURE_BASE_Webshell_Drag_System author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L537-L550" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L537-L550" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "15ae237cf395fb24cf12bff141fb3f7c" logic_hash = "8ea8d9d64521f47f1396e4f4d6c8f4a71fa1a643799ec408e1d2e0f255dc4996" score = 70 @@ -326964,10 +327552,10 @@ rule SIGNATURE_BASE_Webshell_Darkblade1_3_Asp_Indexx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L551-L564" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L551-L564" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b7f46693648f534c2ca78e3f21685707" logic_hash = "57cfe09d53d42ee9d909a3894b8a3362209c1972c7d96ae5fdc61681c2998a89" score = 70 
@@ -326988,10 +327576,10 @@ rule SIGNATURE_BASE_Webshell_Phpshell3 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L565-L580" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L565-L580" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "76117b2ee4a7ac06832d50b2d04070b8" logic_hash = "868b1b69fab3ec6fcfa15557075f313f4af0ec9cd15f41bb9dcc9bc26fc17f93" score = 70 @@ -327014,10 +327602,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Hsxa author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L581-L594" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L581-L594" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d0e05f9c9b8e0b3fa11f57d9ab800380" logic_hash = "7f79b66d87f638bc09ee576de4dc4a8c5b1da7c406d318eeff7a4221c35d2313" score = 70 
@@ -327038,10 +327626,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Utils author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L595-L609" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L595-L609" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9827ba2e8329075358b8e8a53e20d545" logic_hash = "90a5b64e59306bdffc5a89f5d86a2dc7a17669021d863e2a5ecea13d65c19053" score = 70 @@ -327063,10 +327651,10 @@ rule SIGNATURE_BASE_Webshell_Asp_01 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L610-L623" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L610-L623" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "61a687b0bea0ef97224c7bd2df118b87" logic_hash = "e057800013a9a8f4c3ecbe4e27c14e904700548e6ad9dc1f00313c7a3de7fd2d" score = 50 
@@ -327087,10 +327675,10 @@ rule SIGNATURE_BASE_Webshell_Asp_404 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L624-L637" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L624-L637" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d9fa1e8513dbf59fa5d130f389032a2d" logic_hash = "3db951af36ed3d08bc10b4c3fc2e67481f005580fb76f66b6ec5789ed6e2efdb" score = 70 @@ -327111,10 +327699,10 @@ rule SIGNATURE_BASE_Webshell_Webshell_Cnseay02_1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L638-L651" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L638-L651" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "95fc76081a42c4f26912826cb1bd24b1" logic_hash = "9950fb7c26dfb25665093dbcf5c4a9dcf65466783509a3caa11c2c96d177d855" score = 70 
@@ -327135,10 +327723,10 @@ rule SIGNATURE_BASE_Webshell_Php_Fbi author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L652-L665" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L652-L665" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1fb32f8e58c8deb168c06297a04a21f1" logic_hash = "de8584ae83ee3e23f4ce00ccd73f75b4568d6a4544af45b83784a9a0c34d42e3" score = 70 @@ -327159,10 +327747,10 @@ rule SIGNATURE_BASE_Webshell_B374Kphp_B374K author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L666-L682" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L666-L682" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bed7388976f8f1d90422e8795dff1ea6" logic_hash = "1f0fc5e309dd67a11d6ba9b698fd9ca3c7e6616545c220de79aaa3b63f0ad931" score = 70 
@@ -327186,10 +327774,10 @@ rule SIGNATURE_BASE_Webshell_Cmd_Asp_5_1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L683-L696" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L683-L696" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8baa99666bf3734cbdfdd10088e0cd9f" logic_hash = "1ff4ae8c08cec4605594e97d6c077d4808d3a73c04ddf6a51952252dd2d01cf4" score = 70 @@ -327210,10 +327798,10 @@ rule SIGNATURE_BASE_Webshell_Php_Dodo_Zip author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L697-L711" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L697-L711" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b7800364374077ce8864796240162ad5" logic_hash = "bdeffafdedeadaba36c5c67f981c42d6111b954622780b930e9eeb9956c638b5" score = 70 
@@ -327235,10 +327823,10 @@ rule SIGNATURE_BASE_Webshell_Azrailphp_V1_0 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L712-L726" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L712-L726" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "26b2d3943395682e36da06ed493a3715" logic_hash = "d0ccf9e37e378db4523d7918b30cff358115e7a4c36fad55a75f3aff218563c6" score = 70 @@ -327260,10 +327848,10 @@ rule SIGNATURE_BASE_Webshell_Php_List author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L727-L742" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L727-L742" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "922b128ddd90e1dc2f73088956c548ed" logic_hash = "007f9307493bca71dcbdcf6ba6c45bf36899e8f636ccbd09c26453cb0aea0847" score = 70 
@@ -327286,10 +327874,10 @@ rule SIGNATURE_BASE_Webshell_Ironshell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L743-L757" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L743-L757" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8bfa2eeb8a3ff6afc619258e39fded56" logic_hash = "7e4916010a33383cfc3cbbcd5d575ac2f3a579220b66bd07e3121f3db30da66d" score = 70 @@ -327311,10 +327899,10 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_404 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L758-L771" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L758-L771" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ee94952dc53d9a29bdf4ece54c7a7aa7" logic_hash = "0743d18bc5066c96cca8cc0883971d3bc876e6c2fbb996e55b6930c715e07395" score = 70 
@@ -327335,10 +327923,10 @@ rule SIGNATURE_BASE_Webshell_ASP_Aspydrv author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L772-L785" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L772-L785" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "de0a58f7d1e200d0b2c801a94ebce330" logic_hash = "a4a6205ace49778ddc421b0f0e65c576e2ffe40ce2ab84debb939d5324420405" score = 70 @@ -327359,10 +327947,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Web author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L786-L799" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L786-L799" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4bc11e28f5dccd0c45a37f2b541b2e98" logic_hash = "ed0ace0ba5f8a9e763353c42e3e3a39da10596e8517aad33e5c5080b44e4d61a" score = 70 
@@ -327383,10 +327971,10 @@ rule SIGNATURE_BASE_Webshell_Mysqlwebsh author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L800-L813" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L800-L813" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "babfa76d11943a22484b3837f105fada" logic_hash = "365d19c086b3bbb98cbe1e1ed1e7522ce98dc2614a39c747717c277cebef33d2" score = 70 @@ -327407,10 +327995,10 @@ rule SIGNATURE_BASE_Webshell_Jspshell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L814-L828" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L814-L828" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0d5b5a17552254be6c1c8f1eb3a5fdc1" logic_hash = "058ddd64b142cada7144b9befa81ada314b72e6f23524d98efcb10136c23ed33" score = 70 
@@ -327432,10 +328020,10 @@ rule SIGNATURE_BASE_Webshell_Dx_Dx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L829-L843" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L829-L843" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9cfe372d49fe8bf2fac8e1c534153d9b" logic_hash = "c2eddf58b25caff79460ab9a87ac0573d483866a87c1b1ec0984afce2c22b29f" score = 70 @@ -327457,10 +328045,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Ntdaddy author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L844-L858" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L844-L858" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c5e6baa5d140f73b4e16a6cfde671c68" logic_hash = "7237eb7233c6affcc1f67a764f704b7d7e1d13f71c64893286c6c99318cc7c3e" score = 70 
@@ -327482,10 +328070,10 @@ rule SIGNATURE_BASE_Webshell_Mysql_Web_Interface_Version_0_8 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L859-L872" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L859-L872" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "36d4f34d0a22080f47bb1cb94107c60f" logic_hash = "680d4368804ad21e46dbe400563beca3ef724711b5432dccce1276ecadc04f2c" score = 70 @@ -327506,10 +328094,10 @@ rule SIGNATURE_BASE_Webshell_Elmaliseker_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L873-L887" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L873-L887" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b32d1730d23a660fd6aa8e60c3dc549f" logic_hash = "ca300cd142b3c8b820d3b5f5a56eeb834d9acb1d85916b932bd67fb4a25f4ed0" score = 70 
@@ -327531,10 +328119,10 @@ rule SIGNATURE_BASE_Webshell_ASP_Remexp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L888-L902" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L888-L902" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aa1d8491f4e2894dbdb91eec1abc2244" logic_hash = "7a3b35c4a16f26167180cea81f67de101edabb9b35479f7e5acae7f3fe07f304" score = 70 @@ -327556,10 +328144,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_List1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L903-L917" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L903-L917" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8d9e5afa77303c9c01ff34ea4e7f6ca6" logic_hash = "61ecafe477d98c5eb6887a9ff50960fc28b84512d09a36c02588159b08b395a4" score = 70 
@@ -327581,10 +328169,10 @@ rule SIGNATURE_BASE_Webshell_Phpkit_1_0_Odd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L918-L933" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L918-L933" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "594d1b1311bbef38a0eb3d6cbb1ab538" logic_hash = "bf99d6a71b9ef72574d928a09f3a479f2f819287d78c9a5435e45752e76a59bf" score = 70 @@ -327607,10 +328195,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_123 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L934-L949" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L934-L949" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c691f53e849676cac68a38d692467641" logic_hash = "48925d3a302bf09ecb3f031301ca8afc722c7ef53b87efa27a3c4b58ee15217d" score = 70 
@@ -327633,10 +328221,10 @@ rule SIGNATURE_BASE_Webshell_Asp_1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L950-L964" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L950-L964" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8991148adf5de3b8322ec5d78cb01bdb" logic_hash = "9cae40c8fc3966942a8fc3ee0f5d07081ba2d1c1c3156144488ba64015d6838b" score = 70 @@ -327658,10 +328246,10 @@ rule SIGNATURE_BASE_Webshell_ASP_Tool author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L965-L980" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L965-L980" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4ab68d38527d5834e9c1ff64407b34fb" logic_hash = "62ba39bac09cb403a47678cd38c519642cc3c20f43c470b828ec448c42e9bb73" score = 70 
@@ -327684,10 +328272,10 @@ rule SIGNATURE_BASE_Webshell_Cmd_Win32 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L981-L995" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L981-L995" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cc4d4d6cc9a25984aa9a7583c7def174" logic_hash = "b90ba15b7b2c557f7b2303695b7f1f737f63df06d712c89e0cfea51c7d37e21d" score = 70 @@ -327709,10 +328297,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Jshell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L996-L1013" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L996-L1013" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "124b22f38aaaf064cef14711b2602c06" logic_hash = "dfe3ac097de4ca406ab7ec967fdc03d1e87c74f84fc675b58438a842d80cccda" score = 70 
@@ -327737,10 +328325,10 @@ rule SIGNATURE_BASE_Webshell_ASP_Zehir4 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1014-L1027" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1014-L1027" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7f4e12e159360743ec016273c3b9108c" logic_hash = "aa3e07ee6369dd5f86f28a53c8e45391de718d4935021339a7b47829b5196f54" score = 70 @@ -327761,10 +328349,10 @@ rule SIGNATURE_BASE_Webshell_Wsb_Idc author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1028-L1042" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1028-L1042" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7c5b1b30196c51f1accbffb80296395f" logic_hash = "f274061f1a02ab65bc574a6586343f74262a463c5200cd2c231a752f54967404" score = 70 
@@ -327786,10 +328374,10 @@ rule SIGNATURE_BASE_Webshell_Cpg_143_Incl_Xpl author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1043-L1057" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1043-L1057" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5937b131b67d8e0afdbd589251a5e176" logic_hash = "7c2ce25c33e167761d72331d7c4d4f7cd6029ee0caf6e2008df8b12894faaaf8" score = 70 @@ -327811,10 +328399,10 @@ rule SIGNATURE_BASE_Webshell_Mumaasp_Com author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1058-L1071" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1058-L1071" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cce32b2e18f5357c85b6d20f564ebd5d" logic_hash = "75e2a056782190e9914264b9e34002faea75a35ab0f97bf1e05dec15432d064c" score = 70 
@@ -327835,10 +328423,10 @@ rule SIGNATURE_BASE_Webshell_Php_404 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1072-L1085" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1072-L1085" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ced050df5ca42064056a7ad610a191b3" logic_hash = "3fc928e6edda8fdc4220f57215db61b7fbf8de5b00423b219a173c8ecde40b79" score = 70 @@ -327859,10 +328447,10 @@ rule SIGNATURE_BASE_Webshell_Webshell_Cnseay_X author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1086-L1099" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1086-L1099" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a0f9f7f5cd405a514a7f3be329f380e5" logic_hash = "59cb8b8a5873b716a25096c7b12f09293a812b63f31fea07d919b9c4d2bc9a19" score = 70 
@@ -327883,10 +328471,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Up author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1100-L1114" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1100-L1114" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f775e721cfe85019fe41c34f47c0d67c" logic_hash = "dff2896d2226ade08e74147121a0e0036e8545dfff36b48b5a0771c9c7d537e9" score = 70 @@ -327908,10 +328496,10 @@ rule SIGNATURE_BASE_Webshell_Phpkit_0_1A_Odd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1115-L1131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1115-L1131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3c30399e7480c09276f412271f60ed01" logic_hash = "745734658ed4000e1399531ae44125f8462ecd37388e6223cfa9bf91dbb52bbc" score = 70 
@@ -327935,10 +328523,10 @@ rule SIGNATURE_BASE_Webshell_ASP_Cmd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1132-L1145" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1132-L1145" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "97af88b478422067f23b001dd06d56a9" logic_hash = "c1353e43876e18f18638a558a29a12d6e82603641fedd81b042adca91fea0d18" score = 70 @@ -327959,10 +328547,10 @@ rule SIGNATURE_BASE_Webshell_PHP_Shell_X3 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1146-L1161" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1146-L1161" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a2f8fa4cce578fc9c06f8e674b9e63fd" logic_hash = "7361a7eecf345b9c1809294b6b081db8769805ec3e6c656adc4ac87261193683" score = 70 
@@ -327985,10 +328573,10 @@ rule SIGNATURE_BASE_Webshell_PHP_G00Nv13 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1162-L1176" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1162-L1176" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "35ad2533192fe8a1a76c3276140db820" logic_hash = "dd9f03a7ad0d2b73f7a8602ab267e0e8e5cb1f9250f9a25c86ded3797df2f8d5" score = 70 @@ -328010,10 +328598,10 @@ rule SIGNATURE_BASE_Webshell_Php_H6Ss author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1177-L1190" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1177-L1190" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "272dde9a4a7265d6c139287560328cd5" logic_hash = "c4001be111ff271335dd65c15c59da979a8e202bcf58a7f10de7f03644472153" score = 70 
@@ -328034,10 +328622,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Zx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1191-L1204" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1191-L1204" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "67627c264db1e54a4720bd6a64721674" logic_hash = "d97df624801d0f24141dfe7074d290a56e639af7d867c907362ff4434c3eeac0" score = 70 @@ -328058,10 +328646,10 @@ rule SIGNATURE_BASE_Webshell_Ani_Shell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1205-L1220" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1205-L1220" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "889bfc9fbb8ee7832044fc575324d01a" logic_hash = "c8caf8686c36a41b5aae093e88b8872350cf625c59a14389c5df93f284c8f05a" score = 70 
@@ -328084,10 +328672,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_K8Cmd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1221-L1234" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1221-L1234" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b39544415e692a567455ff033a97a682" logic_hash = "e523a5b1118c6f4d5798f130c00466c7945d27a6fbe0d4cb3a40b7f36da2a502" score = 70 @@ -328108,10 +328696,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1236-L1249" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1236-L1249" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5391c4a8af1ede757ba9d28865e75853" logic_hash = "e48d4e2d14a3605fd9dda03630820a0fb53d893cc4d283739fde11f9ab7d9d1e" score = 70 
@@ -328132,10 +328720,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_K81 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1251-L1265" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1251-L1265" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "41efc5c71b6885add9c1d516371bd6af" logic_hash = "f9c6b5bec9313c6fd059055fa18332675838419bba3348bb852b50806f26ccb2" score = 70 @@ -328157,10 +328745,10 @@ rule SIGNATURE_BASE_Webshell_ASP_Zehir author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1266-L1279" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1266-L1279" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0061d800aee63ccaf41d2d62ec15985d" logic_hash = "90920258017cf189da128dce477e71f0040bc66aefa6f018f64db64d22f60ae5" score = 70 
@@ -328181,11 +328769,11 @@ rule SIGNATURE_BASE_Webshell_Worse_Linux_Shell_1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" old_rule_name = "webshell_Worse_Linux_Shell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1280-L1294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1280-L1294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8338c8d9eab10bd38a7116eb534b5fa2" logic_hash = "a24e7ae7c722da7f265f032315b1e8e402c2fc4a2a54a685671a9e52124f6553" score = 70 @@ -328206,10 +328794,10 @@ rule SIGNATURE_BASE_Webshell_Zacosmall author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1295-L1308" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1295-L1308" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5295ee8dc2f5fd416be442548d68f7a6" logic_hash = "739d58e3ab6712c703e0cb0e0070afec3376844b77ed081a5d12407cabb62319" score = 70 
@@ -328230,10 +328818,10 @@ rule SIGNATURE_BASE_Webshell_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1309-L1322" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1309-L1322" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c6eeacbe779518ea78b8f7ed5f63fc11" logic_hash = "9630fc0371193bfbd0bd4fb15856477e7739fc9f11ee539d119ee837b1a54502" score = 70 @@ -328254,10 +328842,10 @@ rule SIGNATURE_BASE_Webshell_Redirect author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1323-L1336" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1323-L1336" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "97da83c6e3efbba98df270cc70beb8f8" logic_hash = "b16026623fe7802db9823ad4a3dab051747eea6bd41ce72a0c8c6757bfa2c6f7" score = 70 
@@ -328278,10 +328866,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmdjsp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1337-L1350" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1337-L1350" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b815611cc39f17f05a73444d699341d4" logic_hash = "b4822e47a27c598be746ac71bf9b60dafe08d50c83a2dfee5e40ea384fcff21a" score = 70 @@ -328302,10 +328890,10 @@ rule SIGNATURE_BASE_Webshell_Java_Shell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1351-L1365" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1351-L1365" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "36403bc776eb12e8b7cc0eb47c8aac83" logic_hash = "0d313ff81a36b456326df0054853c31d69710fc142fcfa65747691238af4e635" score = 70 
@@ -328327,10 +328915,10 @@ rule SIGNATURE_BASE_Webshell_Asp_1D author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1366-L1379" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1366-L1379" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fad7504ca8a55d4453e552621f81563c" logic_hash = "85b17fde8fb535b64e5eabc887428d9b73adc5bc6741a3a387f235a8b0c6089a" score = 70 @@ -328351,10 +328939,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Ixrbe author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1380-L1393" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1380-L1393" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e26e7e0ebc6e7662e1123452a939e2cd" logic_hash = "8710d092b81c5de1e328ad6e57e5c4a25748cc92844198038c103dabc1e76e77" score = 70 
@@ -328375,10 +328963,10 @@ rule SIGNATURE_BASE_Webshell_PHP_G5 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1394-L1407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1394-L1407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "95b4a56140a650c74ed2ec36f08d757f" logic_hash = "2edffbea5142ef146cec57cb88b473532f56ab3e95151c5648eaeabe6a75feda" score = 70 @@ -328399,10 +328987,10 @@ rule SIGNATURE_BASE_Webshell_PHP_R57142 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1408-L1421" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1408-L1421" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0911b6e6b8f4bcb05599b2885a7fe8a8" logic_hash = "3afa0463de3acb12480dba1b2ab9cd53fca88216ba54c5e044e48ebd84bf17bd" score = 70 
@@ -328423,10 +329011,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Tree author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1422-L1436" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1422-L1436" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bcdf7bbf7bbfa1ffa4f9a21957dbcdfa" logic_hash = "180aa4572a42d23f3e44589f876356ec973fd64cdd53bac69936b93699888ac2" score = 70 @@ -328448,10 +329036,10 @@ rule SIGNATURE_BASE_Webshell_C99Madshell_V_3_0_Smowu author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1437-L1451" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1437-L1451" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "74e1e7c7a6798f1663efb42882b85bee" logic_hash = "d84a5c573b89790efdbe67a684feb7db88521027e86b7588f090696fd90cbc87" score = 70 
@@ -328473,10 +329061,10 @@ rule SIGNATURE_BASE_Webshell_Simple_Backdoor author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1452-L1467" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1452-L1467" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f091d1b9274c881f8e41b2f96e6b9936" logic_hash = "252285e8a796757235d775427e5a73980d065c1221190545428910a77f46bb9a" score = 70 @@ -328499,10 +329087,10 @@ rule SIGNATURE_BASE_Webshell_PHP_404 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1468-L1481" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1468-L1481" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "078c55ac475ab9e028f94f879f548bca" logic_hash = "b0524ecddf990048e3e40f471c24075c0e87654c6fe40f17dc3ff43743402e24" score = 70 
@@ -328523,10 +329111,10 @@ rule SIGNATURE_BASE_Webshell_Macker_S_Private_Phpshell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1482-L1497" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1482-L1497" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e24cbf0e294da9ac2117dc660d890bb9" logic_hash = "4bccc1aca8698e601133436a55538c08e3e1fa113a0776c04590eaf4a10fd309" score = 70 @@ -328549,10 +329137,10 @@ rule SIGNATURE_BASE_Webshell_Antichat_Shell_V1_3_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1498-L1511" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1498-L1511" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "40d0abceba125868be7f3f990f031521" logic_hash = "d5a1dc31f442f8db7771ee64164436f6c562ef9f4a203a1e2006d37f9df91846" score = 70 
@@ -328573,10 +329161,10 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Breaker author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1512-L1526" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1512-L1526" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5bd07ccb1111950a5b47327946bfa194" logic_hash = "4adcefc05413a02653a2a405791345a1a76058a39f6e2b03765c4485f7c6b106" score = 70 @@ -328598,10 +329186,10 @@ rule SIGNATURE_BASE_Webshell_Sst_Sheller author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1527-L1541" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1527-L1541" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d93c62a0a042252f7531d8632511ca56" logic_hash = "4faac0b22fec809f2100bad200ba1f9fb9e16fab743e1b1cbfe0b80c6d2fee32" score = 70 
@@ -328623,10 +329211,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_List author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1542-L1557" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1542-L1557" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1ea290ff4259dcaeb680cec992738eda" logic_hash = "5641bff0ec161fe72e502641b6138186d541ebfcbf499e0295a61f9f6f085654" score = 70 @@ -328649,10 +329237,10 @@ rule SIGNATURE_BASE_Webshell_Phpjackal_V1_5 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1558-L1572" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1558-L1572" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d76dc20a4017191216a0315b7286056f" logic_hash = "457bc71cb8e684dafb14b1c5d2faa4366cedce5eba9545493be2b1d49daf98b6" score = 70 
@@ -328674,10 +329262,10 @@ rule SIGNATURE_BASE_Webshell_Customize author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1573-L1586" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1573-L1586" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d55578eccad090f30f5d735b8ec530b1" logic_hash = "462d97427793ef6e897b33f4fd02d452ad8cd11ddef21aa25d13efc981eb3afb" score = 70 @@ -328698,10 +329286,10 @@ rule SIGNATURE_BASE_Webshell_S72_Shell_V1_1_Coding author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1587-L1600" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1587-L1600" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c2e8346a5515c81797af36e7e4a3828e" logic_hash = "fd200d8aa347242546a1da311edc61ceebaec5f7d6b4fe2f49f069b36689f547" score = 70 
@@ -328722,10 +329310,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Sys3 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1601-L1616" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1601-L1616" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b3028a854d07674f4d8a9cf2fb6137ec" logic_hash = "14b0ac1b1b8538b0c05dcd0a8b7129fdcad2e595ea00630bd55cee6dff596d4f" score = 70 @@ -328748,10 +329336,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Guige02 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1617-L1631" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1617-L1631" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a3b8b2280c56eaab777d633535baf21d" logic_hash = "c214e50b209970c03d389d97673901ec44b2727e5c7588e5e4d0a644cc691423" score = 70 
@@ -328773,10 +329361,10 @@ rule SIGNATURE_BASE_Webshell_Php_Ghost author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1632-L1647" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1632-L1647" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "38dc8383da0859dca82cf0c943dbf16d" logic_hash = "9a7635d313345e7b7cb7424726ed62015afd78412b504e406155f85c4cdf623f" score = 70 @@ -328799,10 +329387,10 @@ rule SIGNATURE_BASE_Webshell_Winx_Shell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1648-L1662" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1648-L1662" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "17ab5086aef89d4951fe9b7c7a561dda" logic_hash = "e6dd5178cafccca751dd3f2e36206acd214a65b2e0783a738a104b3dc680ca21" score = 70 
@@ -328824,10 +329412,10 @@ rule SIGNATURE_BASE_Webshell_Crystal_Crystal author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1663-L1677" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1663-L1677" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fdbf54d5bf3264eb1c4bff1fac548879" logic_hash = "735332a2ec7df65cca4ca69e702c5893d302a01c7ee7b84d01a1e6ab9646de93" score = 70 @@ -328849,10 +329437,10 @@ rule SIGNATURE_BASE_Webshell_R57_1_4_0 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1678-L1694" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1678-L1694" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "574f3303e131242568b0caf3de42f325" logic_hash = "cb48621c572d529b8dc634e7b6360257ad4fce9664bfca7ee7c0101be42d2c24" score = 70 
@@ -328876,10 +329464,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Ajn author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1696-L1710" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1696-L1710" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aaafafc5d286f0bff827a931f6378d04" logic_hash = "0a6c9a210c0337d6b984bcf6cd7f14103a0f6f5d38a26c789519c2b1629aaede" score = 70 @@ -328901,10 +329489,10 @@ rule SIGNATURE_BASE_Webshell_Php_Cmd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1711-L1726" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1711-L1726" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c38ae5ba61fd84f6bbbab98d89d8a346" logic_hash = "d9a0802f6fd7047ba5477f6bba61c4ac02cabfce06270fdbd8e8e68a693ccf68" score = 70 
@@ -328927,10 +329515,10 @@ rule SIGNATURE_BASE_Webshell_Asp_List author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1727-L1741" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1727-L1741" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1cfa493a165eb4b43e6d4cc0f2eab575" logic_hash = "9c8bdeb5992015b26fbee418ed6e6b7c6b0901f26bddf9dc26706c0b63ea9c95" score = 70 @@ -328952,10 +329540,10 @@ rule SIGNATURE_BASE_Webshell_PHP_Co author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1742-L1756" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1742-L1756" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "62199f5ac721a0cb9b28f465a513874c" logic_hash = "3fab3e97d10b6c56fb7df8bcd520bda318fc127a620c5aafba09cb36ffd6a8df" score = 70 
@@ -328977,10 +329565,10 @@ rule SIGNATURE_BASE_Webshell_PHP_150 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1757-L1771" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1757-L1771" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "400c4b0bed5c90f048398e1d268ce4dc" logic_hash = "139e3d6aa3cd2b6a9731a6cc14c921f9fd82ff7ca79d156f1ff6bc544897fb12" score = 70 @@ -329002,10 +329590,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmdjsp_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1772-L1786" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1772-L1786" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b5ae3649f03784e2a5073fa4d160c8b" logic_hash = "83be82e260adcff9d3d11344c363f6b5da331339ffe78e561cea9ab09b209030" score = 70 
@@ -329027,10 +329615,10 @@ rule SIGNATURE_BASE_Webshell_PHP_C37 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1787-L1801" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1787-L1801" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d01144c04e7a46870a8dd823eb2fe5c8" logic_hash = "b93394f4e05cc96c31a8adcb0981aa8b069780893c469b41ece3d3ce92c42251" score = 70 @@ -329052,10 +329640,10 @@ rule SIGNATURE_BASE_Webshell_PHP_B37 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1802-L1815" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1802-L1815" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0421445303cfd0ec6bc20b3846e30ff0" logic_hash = "ae0cca5723a1e885c26ece5082c24f4c95f0262b8e7baf6db5efde5cfee2cc42" score = 70 
@@ -329076,10 +329664,10 @@ rule SIGNATURE_BASE_Webshell_Php_Backdoor author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1816-L1830" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1816-L1830" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2b5cb105c4ea9b5ebc64705b4bd86bf7" logic_hash = "1f754b4d29eb93316183cf904b375ded7ccdae1d2196fe05950c449ed0d690f4" score = 70 @@ -329101,10 +329689,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Dabao author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1831-L1845" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1831-L1845" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3919b959e3fa7e86d52c2b0a91588d5d" logic_hash = "62cf46dc16a7365d196c2cb8ede8b1380a0877d134d3726d7c777096a4eda942" score = 70 
@@ -329126,10 +329714,10 @@ rule SIGNATURE_BASE_Webshell_Php_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1846-L1859" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1846-L1859" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "267c37c3a285a84f541066fc5b3c1747" logic_hash = "bd485c825ae7ac11ff67d109d3c07fb405272a5919e00af39788d1a9c94e754d" score = 70 @@ -329150,10 +329738,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Cmdasp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1860-L1874" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1860-L1874" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "57b51418a799d2d016be546f399c2e9b" logic_hash = "4259419b4db8e6a83df6f7d258d41028f7f76b0fd2308eeadb4555066c5a2940" score = 70 
@@ -329175,10 +329763,10 @@ rule SIGNATURE_BASE_Webshell_Spjspshell author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1875-L1888" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1875-L1888" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d39d51154aaad4ba89947c459a729971" logic_hash = "7926eadd3ffb21de73a63e7a28a525037bf88396ea369599b41ac8c0b0d112ad" score = 70 @@ -329199,10 +329787,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Action author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1889-L1903" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1889-L1903" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5a7d931094f5570aaf5b7b3b06c3d8c0" logic_hash = "5ea7d074d0fe98cf2514a65231013a374532d6b3aa2487bcc34d4285f558752a" score = 70 
@@ -329224,10 +329812,10 @@ rule SIGNATURE_BASE_Webshell_Inderxer author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1904-L1917" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1904-L1917" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9ea82afb8c7070817d4cdf686abe0300" logic_hash = "915f2f38c1ca1321980ac66ebb95b0c46443e0ba64cc4b2014200db43439c85e" score = 70 @@ -329248,10 +329836,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Rader author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1918-L1932" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1918-L1932" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ad1a362e0a24c4475335e3e891a01731" logic_hash = "b578f3e844cbb361f455e55353fad2f0134ede7c3c468cebad9ae265e6e768b8" score = 70 
@@ -329273,10 +329861,10 @@ rule SIGNATURE_BASE_Webshell_C99_Madnet_Smowu author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1933-L1951" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1933-L1951" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3aaa8cad47055ba53190020311b0fb83" logic_hash = "5c4f76bdbe535a899e40c890eb1ea65e070c781fe5dd44cf13d4832cfd6d2e13" score = 70 @@ -329302,10 +329890,10 @@ rule SIGNATURE_BASE_Webshell_Php_Moon author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1952-L1967" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1952-L1967" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2a2b1b783d3a2fa9a50b1496afa6e356" logic_hash = "4e26dbef647caee19a8707a067c228ba96bd986369e4c87c68964ae42c85b09a" score = 70 
@@ -329328,10 +329916,10 @@ rule SIGNATURE_BASE_Webshell_Minupload author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1969-L1983" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1969-L1983" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ec905a1395d176c27f388d202375bdf9" logic_hash = "53dea3ea0e2cf83907273fa7f64b21b40e9a5c8e4aa34e5d46d2762396fa89ce" score = 70 @@ -329353,10 +329941,10 @@ rule SIGNATURE_BASE_Webshell_ELMALISEKER_Backd00R author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1984-L1998" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1984-L1998" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3aa403e0a42badb2c23d4a54ef43e2f4" logic_hash = "c5eea930dc386c60e60f052c4945c8d6c0125d3500e60794e21d5ea04f226628" score = 70 
@@ -329378,10 +329966,10 @@ rule SIGNATURE_BASE_Webshell_PHP_Bug_1_ author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L1999-L2012" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L1999-L2012" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "91c5fae02ab16d51fc5af9354ac2f015" logic_hash = "12b957b7e0d0823721273ab71a19ee62d84a8dc5f584a46691f0e0aef996386e" score = 70 @@ -329402,10 +329990,10 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Hkmjj author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2013-L2026" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2013-L2026" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e7b994fe9f878154ca18b7cde91ad2d0" logic_hash = "9a25df170ed165fe6528e6b9374ae572bcd26cd2e1f4014c7aa4953122671fac" score = 70 
@@ -329426,10 +330014,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Asd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2027-L2041" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2027-L2041" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a042c2ca64176410236fcc97484ec599" logic_hash = "6620b796b55a67010cd3edebc2ec84c2657717722129ea46288d262cfd1c7e1c" score = 70 @@ -329451,10 +330039,10 @@ rule SIGNATURE_BASE_Webshell_Metaslsoft author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2043-L2056" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2043-L2056" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aa328ed1476f4a10c0bcc2dde4461789" logic_hash = "20d938fbe21bcf04f09c6450a9acd5db556e9c9f83149d3cdd098be7a905d5ca" score = 70 
@@ -329475,10 +330063,10 @@ rule SIGNATURE_BASE_Webshell_Asp_Ajan author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2057-L2070" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2057-L2070" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b6f468252407efc2318639da22b08af0" logic_hash = "1817786725de61150f1b3ff57597c780323a7f4df1c046cfd473e1918decd7d2" score = 70 @@ -329499,10 +330087,10 @@ rule SIGNATURE_BASE_Webshell_Config_Myxx_Zend author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2071-L2087" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2071-L2087" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "161dc712f279e73ea8cab4b0298cc2ca3799c6d9107050c4231a81021caed37f" score = 70 quality = 85 
@@ -329526,10 +330114,10 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_Ma_Download author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2088-L2107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2088-L2107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3605e1304fb314c13d6c94d6ac9337731c6ee4fef679444d599cb3ae29023b56" score = 70 quality = 85 @@ -329556,10 +330144,10 @@ rule SIGNATURE_BASE_Webshell_Itsec_Itsecteam_Shell_Jhn author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2108-L2125" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2108-L2125" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2775d7e47a26e06ea716bdca32a0f768eccf4d269caa3d107b4a78f8684ce741" score = 70 quality = 85 
@@ -329584,10 +330172,10 @@ rule SIGNATURE_BASE_Webshell_Ghost_Source_Icesword_Silic author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2126-L2143" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2126-L2143" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "22879d5279866e3c25a5b41a98b44595f191cfcac6489208b0bdb6b7ca7201e5" score = 70 quality = 85 @@ -329612,10 +330200,10 @@ rule SIGNATURE_BASE_Webshell_Jspspy_Jspspyjdk5_Jspspyjdk51_Luci_Jsp_Spy2009_M_Ma author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2144-L2187" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2144-L2187" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6c61e5ccd4800f0cfd20532ab43f917f39a7367cc09cbe92e5320eb2c97fabf3" score = 70 quality = 85 
@@ -329666,10 +330254,10 @@ rule SIGNATURE_BASE_Webshell_2_520_Job_Ma1_Ma4_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2188-L2208" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2188-L2208" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "db76ff42079b20d9e5c40661d7b30206e6bffc828f55daa4dc210662068f8e27" score = 70 quality = 85 @@ -329697,10 +330285,10 @@ rule SIGNATURE_BASE_Webshell_000_403_807_A_C5_Config_Css_Dm_He1P_Jspspy_Jspspyjd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2209-L2255" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2209-L2255" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cda47d7967b0f4b2a274ff2196d27d2e108b00917812093bbb3f033a8a1d1c3c" score = 70 quality = 85 
@@ -329754,10 +330342,10 @@ rule SIGNATURE_BASE_Webshell_Wso2_5_1_Wso2_5_Wso2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2256-L2273" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2256-L2273" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f2dce52f1b8d2c33cd8478a468383a87f13712dc6e5c9050fea6ede4f0d24cc5" score = 70 quality = 85 @@ -329782,10 +330370,10 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Querydong_Spyjsp2010_T00Ls author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2274-L2294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2274-L2294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f507499304a7cf4d14a134a4c0781fed9a94c40fe3257a4168bacdf3910ffec" score = 70 quality = 85 
@@ -329813,10 +330401,10 @@ rule SIGNATURE_BASE_Webshell_404_Data_Suiyue author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2295-L2311" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2295-L2311" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7f4ab5dbd2a72574c5d188e14ae98e599359b2d662266fc4c3a39d3d4405c208" score = 70 quality = 85 @@ -329840,10 +330428,10 @@ rule SIGNATURE_BASE_Webshell_R57Shell_R57Shell127_Sniper_SA_Shell_Egy_Spider_She author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2312-L2337" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2312-L2337" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "04a58352202538d5446f1000c07341ea70434f00403f116233f335213687636e" score = 70 quality = 85 
@@ -329876,10 +330464,10 @@ rule SIGNATURE_BASE_Webshell_807_A_Css_Dm_He1P_Jspspy_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2338-L2376" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2338-L2376" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb045425a9f519dd7bf028a7795b16b89768682f5850b6a4d45f0991bfeb6431" score = 70 quality = 85 @@ -329925,10 +330513,10 @@ rule SIGNATURE_BASE_Webshell_201_3_Ma_Download author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2377-L2396" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2377-L2396" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14eccd07e7bef9d570f75fc4adc204d175dcfbb5b950bdb3e25a65d3c5bb0310" score = 70 quality = 85 
@@ -329955,10 +330543,10 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_400_In_Jfolder_Jfolder01_Jsp_Leo_Ma_W author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2397-L2424" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2397-L2424" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0bf0fd37b542c9362a47180ee03ea28995b48d483f72273e472292a320a3ddee" score = 70 quality = 85 @@ -329993,10 +330581,10 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2006_Arabicspy author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2425-L2442" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2425-L2442" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bd9f1ffdbf94dd5a871fc7c3b31d2357e99265d02bfe1c836f82d251053dce7d" score = 70 quality = 85 
@@ -330021,10 +330609,10 @@ rule SIGNATURE_BASE_Webshell_In_Jfolder_Jfolder01_Jsp_Leo_Warn author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2443-L2463" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2443-L2463" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "00c3667438a688b990cf1c8bb6db52be7c6d1b36192dece4e8b07edda68f4b72" score = 70 quality = 85 @@ -330052,10 +330640,10 @@ rule SIGNATURE_BASE_Webshell_2_520_Icesword_Job_Ma1_Ma4_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2464-L2486" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2464-L2486" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "765efb4f776d9ffe5dab1b5decbb60df654e1de9ab8ae7e0437c5c8f717642b9" score = 70 quality = 85 
@@ -330085,10 +330673,10 @@ rule SIGNATURE_BASE_Webshell_Phpspy_2005_Full_Phpspy_2005_Lite_PHPSPY author = "Florian Roth (Nextron Systems)" id = "41a0560a-b22e-5028-8ad1-710c5758cb1d" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2487-L2505" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2487-L2505" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "80c8e7b50aea91284a25ffd3a07d8705c24b6a95a58f42ec6043ececcff32dbb" score = 70 quality = 85 @@ -330114,10 +330702,10 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2006_Arabicspy_Hkrkoz author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2506-L2523" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2506-L2523" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "228e0a73f14da2957f75ae898fdbcf2386deb366df6ddc312162ab723bac44ba" score = 70 quality = 85 
@@ -330142,10 +330730,10 @@ rule SIGNATURE_BASE_Webshell_C99_Shell_Ci_Biz_Was_Here_C100_V_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2524-L2543" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2524-L2543" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ccc3cb553f7b5d089a43612d48522cc4a66b4a8ab433321ae1a716a8fa57b62c" score = 70 quality = 85 @@ -330172,10 +330760,10 @@ rule SIGNATURE_BASE_Webshell_2008_2009Lite_2009Mssql author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2544-L2561" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2544-L2561" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ae33048856440e25972aa5483b60e775f50f60a9ef5e77a58edd60eacdcd9ee3" score = 70 quality = 85 
@@ -330200,10 +330788,10 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2005_Full_Phpspy_2005_Lite_Phpspy_2006 author = "Florian Roth (Nextron Systems)" id = "41a0560a-b22e-5028-8ad1-710c5758cb1d" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2562-L2583" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2562-L2583" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5da06481cf789e71969a5b54a33bfab41e08a1961cc056604a696203fef48422" score = 70 quality = 85 @@ -330232,10 +330820,10 @@ rule SIGNATURE_BASE_Webshell_807_Dm_Jspspyjdk5_M_Cofigrue author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2584-L2603" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2584-L2603" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0fc7ac740e147bd3703dac74743b19148aa7bb359cc5f347acf3b0dbe26bf752" score = 70 quality = 85 
@@ -330262,10 +330850,10 @@ rule SIGNATURE_BASE_Webshell_Dive_Shell_1_0_Emperor_Hacking_Team_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2604-L2621" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2604-L2621" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8bf11041a16060fa32431adfe33727863355bae7fec2cf841dcc919092db5c80" score = 70 quality = 85 @@ -330290,10 +330878,10 @@ rule SIGNATURE_BASE_Webshell_404_Data_In_Jfolder_Jfolder01_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2622-L2644" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2622-L2644" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "171b811c1b93f99f3070692a91a0462f80d9d52ecf26d7fb7297a8bdd9a4c014" score = 70 quality = 85 
@@ -330323,10 +330911,10 @@ rule SIGNATURE_BASE_Webshell_Jsp_Reverse_Jsp_Reverse_Jspbd author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2645-L2663" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2645-L2663" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd7409bb6ace3044f3d0bf380133c4fe4a7c0c0309f9d800b397439aa95f81fc" score = 50 quality = 85 @@ -330352,10 +330940,10 @@ rule SIGNATURE_BASE_Webshell_400_In_Jfolder_Jfolder01_Jsp_Leo_Warn_Webshell_Nc author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2664-L2688" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2664-L2688" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "74e31e51f2cb46a042e8591ffb44fe68fb591d202c8171c6afb556eddb381f6f" score = 70 quality = 85 
@@ -330387,10 +330975,10 @@ rule SIGNATURE_BASE_Webshell_2_520_Job_Jspwebshell_1_2_Ma1_Ma4_2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2689-L2711" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2689-L2711" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49614b2a42210fa134f85fa52c66e12809f2bb9eaf56c17b69d21e5fbfc8888b" score = 70 quality = 85 @@ -330420,10 +331008,10 @@ rule SIGNATURE_BASE_Webshell_Shell_2008_2009Mssql_Phpspy_2005_Full_Phpspy_2006_A author = "Florian Roth (Nextron Systems)" id = "41a0560a-b22e-5028-8ad1-710c5758cb1d" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2712-L2736" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2712-L2736" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "140af92ab61059649a872bef96b916f2c402fd9891301d4a1ba1f389a45af003" score = 60 quality = 85 
@@ -330455,10 +331043,10 @@ rule SIGNATURE_BASE_Webshell_Gfs_Sh_R57Shell_R57Shell127_Sniper_SA_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2737-L2762" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2737-L2762" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "24d93f9ae5e174873a32abdf8dca6c00f03cbb4c5e2ad531ac7fa34f8fc90794" score = 70 quality = 85 @@ -330491,10 +331079,10 @@ rule SIGNATURE_BASE_Webshell_Itsec_Phpjackal_Itsecteam_Shell_Jhn author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2763-L2782" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2763-L2782" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c97731c28f59a6fbab2b7882fae171da8d71add73ec92ab6093dec57fcd7207" score = 70 quality = 85 
@@ -330521,10 +331109,10 @@ rule SIGNATURE_BASE_Webshell_Shell_Ci_Biz_Was_Here_C100_V_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2783-L2803" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2783-L2803" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a7841dec442877648a589045849f7f1b80316a30dda5a44ccc4bb626dbd2cdea" score = 70 quality = 85 @@ -330552,10 +331140,10 @@ rule SIGNATURE_BASE_Webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_Xxx1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2804-L2823" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2804-L2823" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "95d25e9dc75a9af91e23b8c53acb384616f5d8a78605200bdb94f016a7f160f6" score = 70 quality = 85 
@@ -330582,10 +331170,10 @@ rule SIGNATURE_BASE_Webshell_C99_C99Shell_C99_W4Cking_Shell_Xxx author = "Florian Roth (Nextron Systems)" id = "ce88027c-ae08-59f3-948d-6f3d58515468" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2824-L2852" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2824-L2852" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "731bbf06208d20874c1d8464472e6a66a2e9b0bc2dc0475783763b99eb70fefa" score = 70 quality = 85 @@ -330621,10 +331209,10 @@ rule SIGNATURE_BASE_Webshell_2008_2009Mssql_Phpspy_2005_Full_Phpspy_2006_Arabics author = "Florian Roth (Nextron Systems)" id = "41a0560a-b22e-5028-8ad1-710c5758cb1d" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2853-L2875" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2853-L2875" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d78db4d45a35d6a78d4288e00a382a0937e3806f0570bd353b88955664a47f6" score = 70 quality = 85 
@@ -330654,10 +331242,10 @@ rule SIGNATURE_BASE_Webshell_C99_C66_C99_Shadows_Mod_C99Shell author = "Florian Roth (Nextron Systems)" id = "ce88027c-ae08-59f3-948d-6f3d58515468" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2876-L2898" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2876-L2898" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b50a6124f25bbb6fcc9d16d1de26d833a4b968db8e8033e76f3a74695577017e" score = 70 quality = 85 @@ -330687,10 +331275,10 @@ rule SIGNATURE_BASE_Webshell_He1P_Jspspy_Nogfw_Ok_Style_1_Jspspy1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2899-L2922" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2899-L2922" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "522ba5f797e33c27fef3ae8d89889c31799073ed3c770a49401f4d42ead04640" score = 70 quality = 85 
@@ -330721,10 +331309,10 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Config_Myxx_Querydong_Spyjsp2010_Zend author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2923-L2946" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2923-L2946" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ca710973592718c5455508c5798b3c51dce994d5ebd33aa3a59d1b03c096bdf" score = 70 quality = 85 @@ -330755,10 +331343,10 @@ rule SIGNATURE_BASE_Webshell_C99_C99Shell_C99_C99Shell author = "Florian Roth (Nextron Systems)" id = "ce88027c-ae08-59f3-948d-6f3d58515468" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2947-L2965" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2947-L2965" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b999b1a8307e228fb97772799369e292fb806d614159f2b2abfc7a71c5bdb225" score = 70 quality = 85 
@@ -330784,10 +331372,10 @@ rule SIGNATURE_BASE_Webshell_R57Shell127_R57_Ifx_R57_Kartal_R57_Antichat author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2966-L2987" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2966-L2987" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "23887963068f7dd2e4c85b11079276a00786d1a753f22e3b63f01139087a7f4c" score = 70 quality = 85 @@ -330816,10 +331404,10 @@ rule SIGNATURE_BASE_Webshell_NIX_REMOTE_WEB_SHELL_Nstview_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L2988-L3007" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L2988-L3007" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b10e89c6b1851f88a2bbb9116969ea3770366c162b911cb8a2c3a033da3a46bc" score = 70 quality = 85 
@@ -330846,10 +331434,10 @@ rule SIGNATURE_BASE_Webshell_000_403_807_A_C5_Config_Css_Dm_He1P_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3008-L3058" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3008-L3058" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46eede3a1af29e344ed5107fc0af4bd13cd1492bff340d61063911bbb474e7b3" score = 70 quality = 85 @@ -330907,10 +331495,10 @@ rule SIGNATURE_BASE_Webshell_2_520_Icesword_Job_Ma1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3059-L3079" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3059-L3079" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "795eb586310d87a3c6b53117bf2c8cbcfadcb177f5a5129c17fd21f0b64c385c" score = 70 quality = 85 
@@ -330938,10 +331526,10 @@ rule SIGNATURE_BASE_Webshell_404_Data_In_Jfolder_Jfolder01_Jsp_Suiyue_Warn author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3080-L3104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3080-L3104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e0da29499d76539fb1f5cfbe0a00331eeb0bb8fa861f2e2d686130ee4939fac" score = 70 quality = 85 @@ -330973,10 +331561,10 @@ rule SIGNATURE_BASE_Webshell_Phpspy_2005_Full_Phpspy_2005_Lite_Phpspy_2006_PHPSP author = "Florian Roth (Nextron Systems)" id = "41a0560a-b22e-5028-8ad1-710c5758cb1d" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3106-L3126" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3106-L3126" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fc47a50c5964574fb9b9caf3fb94041f028998577bf4ccf21884a41fa1876572" score = 70 quality = 85 
@@ -331004,10 +331592,10 @@ rule SIGNATURE_BASE_Webshell_C99_Locus7S_C99_W4Cking_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3127-L3156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3127-L3156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4afadac41e729f77711eb3ea3ee8f6e8ce61e19294e90db024e5334e214d9647" score = 70 quality = 85 @@ -331044,10 +331632,10 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_Ma_Ma2_Download author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3157-L3178" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3157-L3178" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b8bb6ca2eb146f8c170d629612ba12d4663445d443b681f2859af25d50ab6fe" score = 70 quality = 85 
@@ -331076,10 +331664,10 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Querydong_Spyjsp2010 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3179-L3200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3179-L3200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd01bb059d741fedaee17d46355c7cd8a845d714b20ae37db36424544b954d2f" score = 70 quality = 85 @@ -331108,10 +331696,10 @@ rule SIGNATURE_BASE_Webshell_R57Shell127_R57_Kartal_R57 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-01-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3201-L3219" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3201-L3219" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fd849f76f8348ee57a9c96eed91c8cac416fdc45a08c93e93ebc952375de27a3" score = 70 quality = 85 
@@ -331137,10 +331725,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Con2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3221-L3235" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3221-L3235" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d3584159ab299d546bd77c9654932ae3" logic_hash = "c681b04a1ee4d6af3275b6d772ef35f8bc888a5fcaf3b84f29f77c264e8ad9b9" score = 70 @@ -331162,10 +331750,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Make2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3236-L3249" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3236-L3249" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9af195491101e0816a263c106e4c145e" logic_hash = "7c94c925b5fd7fbc37428c21a9ea3c5a73f4fa0a20a1f5d03f0d5a990bd6f45a" score = 50 
@@ -331186,10 +331774,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Aaa author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3250-L3265" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3250-L3265" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "68483788ab171a155db5266310c852b2" logic_hash = "3c5b9dd86dc790b03a8540b2fb3a717c5ad17d34f366a319faa127479387eed9" score = 70 @@ -331212,10 +331800,10 @@ rule SIGNATURE_BASE_Webshell_Expdoor_Com_ASP author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3266-L3283" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3266-L3283" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "caef01bb8906d909f24d1fa109ea18a7" logic_hash = "838edb9d718b5e1a8be155c4569b4a291b37337e71b435c2b1cd6bcaa53c0dea" score = 70 
@@ -331240,10 +331828,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3284-L3297" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3284-L3297" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fbf2e76e6f897f6f42b896c855069276" logic_hash = "0350df076a25af77fbd8d5db2b38438a10cd5b9237b23b2f64c6360607b41982" score = 70 @@ -331264,10 +331852,10 @@ rule SIGNATURE_BASE_Webshell_Bypass_Iisuser_P author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3298-L3311" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3298-L3311" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "924d294400a64fa888a79316fb3ccd90" logic_hash = "60d0609291e5def26ce949c903ac767db4157b4f9cf4eee315c69ee7a8d8e77b" score = 70 
@@ -331288,10 +331876,10 @@ rule SIGNATURE_BASE_Webshell_Sig_404Super author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3312-L3330" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3312-L3330" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7ed63176226f83d36dce47ce82507b28" logic_hash = "01ecffc6bca2acf1ea4f4d965f3513f7b08ee3d5abbda29d53081f2931ecf9e9" score = 70 @@ -331317,10 +331905,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_JSP author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3331-L3346" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3331-L3346" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "495f1a0a4c82f986f4bdf51ae1898ee7" logic_hash = "bcb2f5d16ff3cc1454bf4653defe037e02a9228a5b7cf7428b1a577f4207c3c8" score = 70 
@@ -331345,8 +331933,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_123 date = "2014-03-28" modified = "2023-01-27" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3347-L3364" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3347-L3364" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2782bb170acaed3829ea9a04f0ac7218" logic_hash = "1caccadf2bd7d265f9b5026c82acc31ade95313d57382651004db8b5e361312d" score = 70 @@ -331370,10 +331958,10 @@ rule SIGNATURE_BASE_Webshell_Dev_Core author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3365-L3383" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3365-L3383" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "55ad9309b006884f660c41e53150fc2e" logic_hash = "b3c7a9bdaa7e5bf76df9ffba94157777c32199edeaa1c8745e9400d138abc267" score = 70 
@@ -331399,10 +331987,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3384-L3401" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3384-L3401" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b0e842bdf83396c3ef8c71ff94e64167" logic_hash = "a943f3b0d1d56194e250c7cf3e05b2bfec7b29f91ef56085d645efa3fe8995c9" score = 70 @@ -331427,10 +332015,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Pppp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3402-L3417" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3402-L3417" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cf01cb6e09ee594545693c5d327bdd50" logic_hash = "bd09fc2ec88bea83b16e63afafa3d5f74f119a81046a663322f5b396b48da135" score = 70 
@@ -331453,10 +332041,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Code author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3418-L3435" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3418-L3435" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a444014c134ff24c0be5a05c02b81a79" logic_hash = "5ae053a9afc1f720c56304c434cd89861e1df4060b7d813921e7f85978227020" score = 70 @@ -331481,10 +332069,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jspyyy author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3436-L3449" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3436-L3449" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b291bf3ccc9dac8b5c7e1739b8fa742e" logic_hash = "0afe45556aa7b562672cc4b609cf001aaa617b03028322abac6524f666b069e1" score = 70 
@@ -331505,10 +332093,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Xxxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3450-L3463" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3450-L3463" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5bcba70b2137375225d8eedcde2c0ebb" logic_hash = "e14cc1eaf357389ca58193c77ce2f54774aebb42be9df15f12415df356c7ed42" score = 70 @@ -331529,10 +332117,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jjjsp3 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3464-L3477" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3464-L3477" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "949ffee1e07a1269df7c69b9722d293e" logic_hash = "44889540effa2f71889e7f6d0c5d12486e256d83b9230c4902d56f6a59b7939b" score = 70 
@@ -331553,10 +332141,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_PHP1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3478-L3493" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3478-L3493" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "14c7281fdaf2ae004ca5fec8753ce3cb" logic_hash = "1c5eb355455c7fbd2b74d91f78e1d77f460dfeb4fe0ee65f18aa1453337b67a0" score = 70 @@ -331579,10 +332167,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jjjsp2 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3494-L3510" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3494-L3510" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5a9fec45236768069c99f0bfd566d754" logic_hash = "47dca67c7a01035996d032cb3871da5532aea81ab6570c93c4a6b148fd95e9f9" score = 70 
@@ -331606,10 +332194,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Radhat author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3511-L3524" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3511-L3524" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "72cb5ef226834ed791144abaa0acdfd4" logic_hash = "28d4d380b25da05a3be439bad72725fa49c947535dfeb5c24994a849c0592b81" score = 70 @@ -331630,10 +332218,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Asp1 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3525-L3539" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3525-L3539" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b63e708cd58ae1ec85cf784060b69cad" logic_hash = "6c76c5388825e29d333096d4cfa3782b7776f31b206a0ed5a8809428d698778b" score = 70 
@@ -331655,10 +332243,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php6 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3540-L3555" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3540-L3555" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ea75280224a735f1e445d244acdfeb7b" logic_hash = "495dc6c6769b8605ea946c012ad0ebb54685e7e91afd383027640753d90c6b3f" score = 70 @@ -331681,10 +332269,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Xxx author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3556-L3569" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3556-L3569" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0e71428fe68b39b70adb6aeedf260ca0" logic_hash = "837ed266af8a65ac683be39c32509df34bc8041b336a71c12700ca73bf210b4d" score = 70 
@@ -331705,10 +332293,10 @@ rule SIGNATURE_BASE_Webshell_Getpostphp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3570-L3583" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3570-L3583" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "20ede5b8182d952728d594e6f2bb5c76" logic_hash = "e75f66200593c3fdaadf1881235847f6c3f3caadcb7ffe13e8b01bce5f922702" score = 70 @@ -331729,10 +332317,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php5 author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3584-L3597" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3584-L3597" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cf2ab009cbd2576a806bfefb74906fdf" logic_hash = "280be378bc6cf52ef9454083180015ed00f9d0bc936620a4105c34c3a3002383" score = 70 
@@ -331753,10 +332341,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_PHP author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3598-L3615" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3598-L3615" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a524e7ae8d71e37d2fd3e5fbdab405ea" logic_hash = "706f835f63e153f907ae8a5a48f1dc4b9d3b8511b21b7155bc045b0ebdc893fc" score = 70 @@ -331781,10 +332369,10 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Asp author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" date = "2014-03-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3616-L3631" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3616-L3631" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "32c87744ea404d0ea0debd55915010b7" logic_hash = "dd2e9f753e8fa781c28c2d5bb9336bb3f39ed8a496bd89eb54bc1812ef512ab5" score = 70 
@@ -331806,11 +332394,11 @@ rule SIGNATURE_BASE_Perlbot_Pl description = "Semi-Auto-generated - file perlbot.pl.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "378cb0e4-2069-50b7-ab3e-5a81055e9983" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3635-L3646" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3635-L3646" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7e4deb9884ffffa5d82c22f8dc533a45" logic_hash = "784980d620e71fb0cf5aed9ef8bd171a8f50d850bc782645575070b75c42e426" score = 75 
@@ -331830,11 +332418,11 @@ rule SIGNATURE_BASE_Php_Backdoor_Php description = "Semi-Auto-generated - file php-backdoor.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "aca53071-f793-538d-bbeb-34469cdb4d1f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3647-L3659" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3647-L3659" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2b5cb105c4ea9b5ebc64705b4bd86bf7" logic_hash = "acab82b40760b45d49da51953f78c69166955de54918634c9bfe394208cdbb56" score = 75 
@@ -331855,11 +332443,11 @@ rule SIGNATURE_BASE_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_ description = "Semi-Auto-generated - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "e91114ce-18f9-51cd-b41c-b796960ea4fe" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3660-L3672" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3660-L3672" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c6eeacbe779518ea78b8f7ed5f63fc11" logic_hash = "a0606dad4474579354709fe6306d15427afc4dec8ad6760a0ee9e91c86c23e4d" score = 75 
@@ -331880,11 +332468,11 @@ rule SIGNATURE_BASE_Nshell__1__Php_Php description = "Semi-Auto-generated - file Nshell (1).php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "44e8b6c5-6f41-5c37-a083-26acedd91956" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3673-L3684" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3673-L3684" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "973fc89694097a41e684b43a21b1b099" logic_hash = "53c7cd24c4eddbded1b4c16fd2758bdf66c0bbe396e487a56d56fc053cf3cc1a" score = 75 
@@ -331904,11 +332492,11 @@ rule SIGNATURE_BASE_Shankar_Php_Php description = "Semi-Auto-generated - file shankar.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "0c8ab3eb-574b-5e5a-8117-4efecef94f83" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3685-L3697" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3685-L3697" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6eb9db6a3974e511b7951b8f7e7136bb" logic_hash = "58b365206c18b8394cf1e03b71b8e47be10bc933bc2c05b7b03b7dad94f6d6b8" score = 75 
@@ -331929,11 +332517,11 @@ rule SIGNATURE_BASE_Casus15_Php_Php description = "Semi-Auto-generated - file Casus15.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ba6748a2-fb80-5eda-816c-155bab9285e5" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3698-L3710" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3698-L3710" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5e2ede2d1c4fa1fcc3cbfe0c005d7b13" logic_hash = "6ee7a07163d33ca329d3be2084406629711db14db4605e8413ee963eb0f9d5a7" score = 75 
@@ -331954,11 +332542,11 @@ rule SIGNATURE_BASE_Small_Php_Php description = "Semi-Auto-generated - file small.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "cf4fb88f-a312-560d-be0b-b55bfcb889be" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3711-L3723" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3711-L3723" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fcee6226d09d150bfa5f103bee61fbde" logic_hash = "e0444aa604e8956d423037b70b9476f5653503055d0f1bc875d43de144ce5c44" score = 75 
@@ -331979,11 +332567,11 @@ rule SIGNATURE_BASE_Shellbot_Pl description = "Semi-Auto-generated - file shellbot.pl.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "07c145b1-c9f7-564a-b354-a6d2072f380c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3724-L3738" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3724-L3738" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b2a883bc3c03a35cfd020dd2ace4bab8" logic_hash = "5db224e4fe8608bb53f044ca6c0361dc66cadd58c6d4ea5ab4f8ae14ebde0e6e" score = 75 
@@ -332006,11 +332594,11 @@ rule SIGNATURE_BASE_Fuckphpshell_Php description = "Semi-Auto-generated - file fuckphpshell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "010db63b-ff72-5f97-8651-a1c7851471ff" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3739-L3752" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3739-L3752" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "554e50c1265bb0934fcc8247ec3b9052" logic_hash = "0c993960b4ca880b818c7b7ba726479ed1c64c46ef8ca82d3c990d69ebe43f42" score = 75 
@@ -332032,11 +332620,11 @@ rule SIGNATURE_BASE_Ngh_Php_Php description = "Semi-Auto-generated - file ngh.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "2d8ff3c1-d6b3-57ce-8213-232b376dbd05" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3753-L3767" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3753-L3767" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c372b725419cdfd3f8a6371cfeebc2fd" logic_hash = "c794b216bafdaecf5bd138cc8c7552efbb8c3c571a441489d02a19793a4c294f" score = 75 
@@ -332059,11 +332647,11 @@ rule SIGNATURE_BASE_Jsp_Reverse_Jsp description = "Semi-Auto-generated - file jsp-reverse.jsp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4953b230-4cd9-55d6-a3cb-8d3713e7fb0c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3768-L3780" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3768-L3780" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8b0e6779f25a17f0ffb3df14122ba594" logic_hash = "bdd2db4c032b25faaaf3a3a8e769000013f643ecfcb8b0374165a244ad2162a6" score = 75 
@@ -332084,11 +332672,11 @@ rule SIGNATURE_BASE_Tool_Asp description = "Semi-Auto-generated - file Tool.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "e5e727bd-836b-5540-8755-40f37904bc03" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3781-L3794" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3781-L3794" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8febea6ca6051ae5e2ad4c78f4b9c1f2" logic_hash = "d6bd782302b2c614fc572babb3825c0e1fcd0de5841ca8541ca27580ccc274d4" score = 75 
@@ -332110,11 +332698,11 @@ rule SIGNATURE_BASE_NT_Addy_Asp description = "Semi-Auto-generated - file NT Addy.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "18f5f360-8690-5e09-ac18-b8cc4f678811" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3795-L3807" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3795-L3807" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2e0d1bae844c9a8e6e351297d77a1fec" logic_hash = "0fc61d5e276786b8be822712cdcfc81146998e535532e44d3da92e0668713a48" score = 75 
@@ -332135,11 +332723,11 @@ rule SIGNATURE_BASE_Simattacker___Vrsion_1_0_0___Priv8_4_My_Friend_Php description = "Semi-Auto-generated - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "8a34f4fd-337d-5eb4-b7b7-4adb1c2b7937" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3808-L3820" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3808-L3820" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "089ff24d978aeff2b4b2869f0c7d38a3" logic_hash = "46bc4063d06b4af3e4e61e1e998d489e974e76f17363c9777b8afc39ff21f698" score = 75 
@@ -332160,11 +332748,11 @@ rule SIGNATURE_BASE_Remexp_Asp description = "Semi-Auto-generated - file RemExp.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "900036ce-ff13-5441-bb77-906ea08a4ca0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3821-L3833" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3821-L3833" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aa1d8491f4e2894dbdb91eec1abc2244" logic_hash = "c7da9908a0252e95b47dbc8fbb36aeac1661dc464123aaca036bd51047a31584" score = 75 
@@ -332185,11 +332773,11 @@ rule SIGNATURE_BASE_Phvayvv_Php_Php description = "Semi-Auto-generated - file phvayvv.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "76351a59-8f52-5110-a9b8-36edd59026df" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3834-L3846" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3834-L3846" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "35fb37f3c806718545d97c6559abd262" logic_hash = "503a69a7e2c30cc82eba430082627bb93c459a95f675b968126bf4524c598863" score = 75 
@@ -332210,11 +332798,11 @@ rule SIGNATURE_BASE_Klasvayv_Asp description = "Semi-Auto-generated - file klasvayv.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "3ca4c20c-f879-55a0-9070-d40fc903f9ae" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3847-L3860" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3847-L3860" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2b3e64bf8462fc3d008a3d1012da64ef" logic_hash = "eb1b11e02b075a4e7d28b77cf91ad596a85e4c697a36304ee177d46735965e75" score = 75 
@@ -332236,11 +332824,11 @@ rule SIGNATURE_BASE_R57Shell_Php_Php description = "Semi-Auto-generated - file r57shell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "1f1070e8-e82c-5cae-a64a-cd5028adae97" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3861-L3874" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3861-L3874" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d28445de424594a5f14d0fe2a7c4e94f" logic_hash = "658eec4f3c463ec1a480bcb7ba995b8d81d1fb846832e569751d9f505f0fa87e" score = 75 
@@ -332262,11 +332850,11 @@ rule SIGNATURE_BASE_Rst_Sql_Php_Php description = "Semi-Auto-generated - file rst_sql.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "41730336-0dce-5ed9-95b0-c911a4e3cb48" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3875-L3888" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3875-L3888" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0961641a4ab2b8cb4d2beca593a92010" logic_hash = "d15cf69d9ad8683d2ac1ff09b08b0b26ecaf35df8e45bbd5c3a02c393f88cb34" score = 75 
@@ -332288,11 +332876,11 @@ rule SIGNATURE_BASE_Wh_Bindshell_Py description = "Semi-Auto-generated - file wh_bindshell.py.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "b7acbfe7-fd28-5832-9af2-1c5befe4bbab" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3889-L3901" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3889-L3901" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fab20902862736e24aaae275af5e049c" logic_hash = "e38a4f5c23371705f9bbf2db8e65d68074554edc1022576166e76d40e06bc039" score = 75 
@@ -332313,11 +332901,11 @@ rule SIGNATURE_BASE_Lurm_Safemod_On_Cgi description = "Semi-Auto-generated - file lurm_safemod_on.cgi.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "74e77260-a547-5553-8430-2620f8549f50" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3902-L3914" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3902-L3914" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5ea4f901ce1abdf20870c214b3231db3" logic_hash = "d308ad6cda92fa437b9a4c46cd1b97fb0138aa8d0010256bda56a64ced1c7875" score = 75 
@@ -332338,11 +332926,11 @@ rule SIGNATURE_BASE_C99Madshell_V2_0_Php_Php description = "Semi-Auto-generated - file c99madshell_v2.0.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "b0724920-dc1e-5819-a99b-618a9a7e1eca" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3915-L3925" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3915-L3925" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d27292895da9afa5b60b9d3014f39294" logic_hash = "07922511d9dfdd32f6b1f47479fca2063b773024a20dcab6f5cf4d56d66c3397" score = 75 
@@ -332361,11 +332949,11 @@ rule SIGNATURE_BASE_Backupsql_Php_Often_With_C99Shell description = "Semi-Auto-generated - file backupsql.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3926-L3937" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3926-L3937" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ab1a06ab1a1fe94e3f3b7f80eedbc12f" logic_hash = "7c64e3d4e5815859c51f05cb376f72ea266b31193f3f4588526005e167ebabad" score = 75 
@@ -332385,11 +332973,11 @@ rule SIGNATURE_BASE_Uploader_Php_Php description = "Semi-Auto-generated - file uploader.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "62aa783b-f12f-5bb5-9d96-7aee1666788b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3938-L3950" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3938-L3950" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0b53b67bb3b004a8681e1458dd1895d0" logic_hash = "6e6ffc4cad2a956cb2b6667928bac5996cf95cd36f43ba789144c46726471f07" score = 75 
@@ -332410,11 +332998,11 @@ rule SIGNATURE_BASE_Telnet_Pl description = "Semi-Auto-generated - file telnet.pl.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "be4de017-e929-5dd3-a60e-f187456b1a55" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3951-L3962" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3951-L3962" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dd9dba14383064e219e29396e242c1ec" logic_hash = "2d1abc52fc70ce664a19e49e6fa4175bc8d8785dee332d5273323479d9628a8c" score = 75 
@@ -332434,11 +333022,11 @@ rule SIGNATURE_BASE_W3D_Php_Php description = "Semi-Auto-generated - file w3d.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "1a4e3c84-2d3b-5245-bccc-9a5f59b9fc17" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3963-L3975" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3963-L3975" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "987f66b29bfb209a0b4f097f84f57c3b" logic_hash = "33f948a1ae4474daddd788df84fa8baabf4390ec242cad9a6a51dac0152d3b75" score = 75 
@@ -332459,11 +333047,11 @@ rule SIGNATURE_BASE_Webshell_Cgi description = "Semi-Auto-generated - file WebShell.cgi.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "b768bb72-64e8-545a-9123-3d5889b58a82" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3976-L3987" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3976-L3987" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bc486c2e00b5fc3e4e783557a2441e6f" logic_hash = "8908ced96284de6b6d5ae693ba54c49a6333bbe5780d951cbacc91b4dde027df" score = 75 
@@ -332483,11 +333071,11 @@ rule SIGNATURE_BASE_Winx_Shell_Html description = "Semi-Auto-generated - file WinX Shell.html.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "fe02d995-4375-5ce9-aabe-fae5d29278d3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L3988-L4000" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L3988-L4000" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "17ab5086aef89d4951fe9b7c7a561dda" logic_hash = "4248f807d66990946523ba7b92d795c2c40429182389d9bf3f4a972e246b50c6" score = 75 
@@ -332508,11 +333096,11 @@ rule SIGNATURE_BASE_Dx_Php_Php description = "Semi-Auto-generated - file Dx.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "67d0bccb-d39a-5e30-bdc0-801525ebddd7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4001-L4013" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4001-L4013" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9cfe372d49fe8bf2fac8e1c534153d9b" logic_hash = "ab43ddcf317eb4db890ca9750dc6bbc19b06b806339a67c82216df02bc2e8446" score = 75 
@@ -332533,11 +333121,11 @@ rule SIGNATURE_BASE_Csh_Php_Php description = "Semi-Auto-generated - file csh.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "da691516-d6c9-5c4b-85c3-f1cd7fc96ae7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4014-L4027" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4014-L4027" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "194a9d3f3eac8bc56d9a7c55c016af96" logic_hash = "2a74e06a9fd59d7a577041b49403738904239fb011f9bfe2fb665165991b9c98" score = 75 
@@ -332559,11 +333147,11 @@ rule SIGNATURE_BASE_Phpinj_Php_Php description = "Semi-Auto-generated - file pHpINJ.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "7bf54ef4-a3d8-51c6-8db7-bf8947e992ed" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4028-L4040" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4028-L4040" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d7a4b0df45d34888d5a09f745e85733f" logic_hash = "5d39fd31cdaae7765267ce8a35a2fdcf86e7f0de40d4f303fb0f219c0fc04e40" score = 75 
@@ -332584,11 +333172,11 @@ rule SIGNATURE_BASE_Sig_2008_Php_Php description = "Semi-Auto-generated - file 2008.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "bfa3caa9-70a5-536b-a887-58427eee43df" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4041-L4054" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4041-L4054" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3e4ba470d4c38765e4b16ed930facf2c" logic_hash = "a437dc3dc836e93c7a691f7a000c4a4ae574ba95b3a216394ba42538beb9c0f7" score = 75 
@@ -332610,11 +333198,11 @@ rule SIGNATURE_BASE_Ak74Shell_Php_Php description = "Semi-Auto-generated - file ak74shell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "eaf243cb-fa26-5f34-a724-60a08acff636" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4055-L4067" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4055-L4067" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7f83adcb4c1111653d30c6427a94f66f" logic_hash = "64eb7e72679fc9ee81af6f46d0ab604357710716b93b1ddfaebc5596c968fce8" score = 75 
@@ -332635,11 +333223,11 @@ rule SIGNATURE_BASE_Rem_View_Php_Php description = "Semi-Auto-generated - file Rem View.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "6137434c-89e9-537b-9b26-b56178022b76" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4068-L4080" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4068-L4080" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "29420106d9a81553ef0d1ca72b9934d9" logic_hash = "bcd5c86e793748ffe0ce4415ee68101e8183e1f97477b49843938d254f08695a" score = 75 
@@ -332660,11 +333248,11 @@ rule SIGNATURE_BASE_Java_Shell_Js description = "Semi-Auto-generated - file Java Shell.js.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "eff52c3a-fc3a-5e80-8da9-786168159ebc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4081-L4093" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4081-L4093" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "36403bc776eb12e8b7cc0eb47c8aac83" logic_hash = "f312298ac30ab57b21222a529b1566b9a66909806e4bc88120ac3992cfd3c6fb" score = 75 
@@ -332685,11 +333273,11 @@ rule SIGNATURE_BASE_STNC_Php_Php description = "Semi-Auto-generated - file STNC.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "8a7167f6-fa62-574f-a37c-3ceadc7f92ec" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4094-L4107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4094-L4107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2e56cfd5b5014cbbf1c1e3f082531815" logic_hash = "b4118dc45ac109bde1cafda24cc103370db57c1993690f450cff828c1633af3c" score = 75 
@@ -332711,11 +333299,11 @@ rule SIGNATURE_BASE_Azrailphp_V1_0_Php description = "Semi-Auto-generated - file aZRaiLPhp v1.0.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "60152b96-e8d3-5b06-a855-fb64a490742b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4108-L4120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4108-L4120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "26b2d3943395682e36da06ed493a3715" logic_hash = "4385f294e59b644fe86d8380db4f7926924eb744ad80735b78ef778d2f7e8ae0" score = 75 
@@ -332736,11 +333324,11 @@ rule SIGNATURE_BASE_Moroccan_Spamers_Ma_Edition_By_Ghost_Php description = "Semi-Auto-generated - file Moroccan Spamers Ma-EditioN By GhOsT.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "721d6e9f-a237-5462-a8d3-f838d7fda420" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4121-L4133" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4121-L4133" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d1b7b311a7ffffebf51437d7cd97dc65" logic_hash = "e755e4ea467861e5217d532b161bf4c582ff71aa1e4720dfa4b75d6e8d7629d8" score = 75 
@@ -332761,11 +333349,11 @@ rule SIGNATURE_BASE_Zacosmall_Php description = "Semi-Auto-generated - file zacosmall.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "25946aa7-7c56-5670-ae2f-c55e65a3b911" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4134-L4146" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4134-L4146" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5295ee8dc2f5fd416be442548d68f7a6" logic_hash = "5a2125fc447344f8cc708503d9e4dd82f9b873e40ded497ef9e01974d08bf043" score = 75 
@@ -332786,11 +333374,11 @@ rule SIGNATURE_BASE_Cmdasp_Asp description = "Semi-Auto-generated - file CmdAsp.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "79e0ba85-ed4b-5909-a2fd-9b4125598078" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4147-L4160" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4147-L4160" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "64f24f09ec6efaa904e2492dffc518b9" logic_hash = "95dc25ecd47b43edbd7e7e36966377aa09da769aff2bc1c33a7df87989611bfa" score = 75 
@@ -332812,11 +333400,11 @@ rule SIGNATURE_BASE_Simple_Backdoor_Php description = "Semi-Auto-generated - file simple-backdoor.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "5607f501-a750-59be-9595-5ac71ea6f74b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4161-L4173" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4161-L4173" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f091d1b9274c881f8e41b2f96e6b9936" logic_hash = "e2e98580b59727313de298fab0009704f621b1b6556220d5065118d960f7a068" score = 75 
@@ -332837,11 +333425,11 @@ rule SIGNATURE_BASE_Mysql_Shell_Php description = "Semi-Auto-generated - file mysql_shell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "e517984b-575c-5ead-a438-9767d2c74099" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4174-L4186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4174-L4186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d42aec2891214cace99b3eb9f3e21a63" logic_hash = "dbd825e1056c41efaf80c0495ba7b6cf1c88403b997ea7ac1378512a19f7ed8a" score = 75 
@@ -332862,11 +333450,11 @@ rule SIGNATURE_BASE_Dive_Shell_1_0___Emperor_Hacking_Team_Php description = "Semi-Auto-generated - file Dive Shell 1.0 - Emperor Hacking Team.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "d75294a4-a0a7-5c74-bb7a-766db477633c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4187-L4200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4187-L4200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b5102bdc41a7bc439eea8f0010310a5" logic_hash = "bd51b625359799178ad3c8e02ba5bb5fca89e6e14769b86dd35c2b8a1049599f" score = 75 
@@ -332888,11 +333476,11 @@ rule SIGNATURE_BASE_Asmodeus_V0_1_Pl description = "Semi-Auto-generated - file Asmodeus v0.1.pl.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "cfd082a8-56fa-54bc-a683-c0052f78e12e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4201-L4214" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4201-L4214" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0978b672db0657103c79505df69cb4bb" logic_hash = "be0130c9d2a5d29e6ef8749b0058c96c2ca1ecb9823fd14a8a2c82978cf3d104" score = 75 
@@ -332914,11 +333502,11 @@ rule SIGNATURE_BASE_Backup_Php_Often_With_C99Shell description = "Semi-Auto-generated - file backup.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4215-L4227" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4215-L4227" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aeee3bae226ad57baf4be8745c3f6094" logic_hash = "e27d00ebfbac2565568b9a97552a331db91b4e9aa318febb048937f5c3a1a1ba" score = 75 
@@ -332939,11 +333527,11 @@ rule SIGNATURE_BASE_Reader_Asp description = "Semi-Auto-generated - file Reader.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "70094d24-fa3a-503c-b9b6-294a883fc52c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4228-L4240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4228-L4240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ad1a362e0a24c4475335e3e891a01731" logic_hash = "ec0dc3b050d84e852e0c18bd00961f109d3506fa7f2e8656448bd5edd28d9305" score = 75 
@@ -332964,11 +333552,11 @@ rule SIGNATURE_BASE_Phpshell17_Php description = "Semi-Auto-generated - file phpshell17.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ea1f657c-2023-50bb-a2ee-33c53ee8fb5e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4241-L4253" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4241-L4253" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9a928d741d12ea08a624ee9ed5a8c39d" logic_hash = "a9306747a5c9756f393c61562ed4a601c75c3a9491ad19a7b7dbae1fbd505e9a" score = 75 
@@ -332989,11 +333577,11 @@ rule SIGNATURE_BASE_Myshell_Php_Php description = "Semi-Auto-generated - file myshell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "eaf243cb-fa26-5f34-a724-60a08acff636" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4254-L4266" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4254-L4266" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "62783d1db52d05b1b6ae2403a7044490" logic_hash = "dd7b0fa637a8317986de0c2312b4b552f1110fb5a64590a9a21c854e5985fbb6" score = 75 
@@ -333014,11 +333602,11 @@ rule SIGNATURE_BASE_Simshell_1_0___Simorgh_Security_MGZ_Php description = "Semi-Auto-generated - file SimShell 1.0 - Simorgh Security MGZ.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "51565555-a17b-59c7-b433-c3166fe0d7f0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4267-L4280" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4267-L4280" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "37cb1db26b1b0161a4bf678a6b4565bd" logic_hash = "590a1572877fafcd4425a04c12cd56194f03a63b7acad93c39d4b16dc5a1902d" score = 75 
@@ -333040,11 +333628,11 @@ rule SIGNATURE_BASE_Jspshall_Jsp description = "Semi-Auto-generated - file jspshall.jsp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4bccad33-d26e-52c2-b7f8-802f2c8f3889" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4281-L4293" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4281-L4293" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "efe0f6edaa512c4e1fdca4eeda77b7ee" logic_hash = "94c458d3f38ba21348b0202e2b81bbbc3859e97d64f101a9ea7ec6f036e38bc5" score = 75 
@@ -333065,11 +333653,11 @@ rule SIGNATURE_BASE_Webshell_Php description = "Semi-Auto-generated - file webshell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4294-L4305" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4294-L4305" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e425241b928e992bde43dd65180a4894" logic_hash = "7b0f4f4afde7dcb44c9d877a72c961f3666278ce28a24ae8068cfbc32639e307" score = 75 
@@ -333089,11 +333677,11 @@ rule SIGNATURE_BASE_Rootshell_Php description = "Semi-Auto-generated - file rootshell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "aec6621e-f23a-5f9f-91f1-d2f1b1ab58d0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4306-L4319" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4306-L4319" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "265f3319075536030e59ba2f9ef3eac6" logic_hash = "f836dd1825dc84212d32a034c0dde45d60ccd1eb667018abb60d671b61192666" score = 75 
@@ -333115,11 +333703,11 @@ rule SIGNATURE_BASE_Connectback2_Pl description = "Semi-Auto-generated - file connectback2.pl.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4ddebc62-17d2-577e-84bd-207367078327" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4320-L4332" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4320-L4332" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "473b7d226ea6ebaacc24504bd740822e" logic_hash = "7316c93f12dbbf6d0235601d8be88c199e37955507925222d00041d0ceaf01c7" score = 75 
@@ -333140,11 +333728,11 @@ rule SIGNATURE_BASE_Defacekeeper_0_2_Php description = "Semi-Auto-generated - file DefaceKeeper_0.2.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "671323e2-42cb-5ce0-9839-5d01c446471c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4333-L4345" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4333-L4345" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "713c54c3da3031bc614a8a55dccd7e7f" logic_hash = "0ee3fed3441e9561867508e324d7a6b1808a8923513bf1c9b82f8238224c994c" score = 75 
@@ -333165,11 +333753,11 @@ rule SIGNATURE_BASE_Shells_PHP_Wso description = "Semi-Auto-generated - file wso.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "fdce6094-a88e-5da6-aeb0-bc97b15bf397" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4346-L4357" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4346-L4357" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "33e2891c13b78328da9062fbfcf898b6" logic_hash = "31ef69228b66b30300006f63b1e4d6e92c2512caca4bd915d418b48564b39c47" score = 75 
@@ -333189,11 +333777,11 @@ rule SIGNATURE_BASE_Backdoor1_Php description = "Semi-Auto-generated - file backdoor1.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "89f44a1c-8a42-58f6-9308-371f4e652bff" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4358-L4370" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4358-L4370" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e1adda1f866367f52de001257b4d6c98" logic_hash = "7c8840dc91c16b9fa19fee16e0159a7f13db23c96596e18da0cdab07931ce35b" score = 75 
@@ -333214,11 +333802,11 @@ rule SIGNATURE_BASE_Elmaliseker_Asp description = "Semi-Auto-generated - file elmaliseker.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "7ecf3d5c-be91-579e-905b-5f2ad03a0e42" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4371-L4384" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4371-L4384" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b32d1730d23a660fd6aa8e60c3dc549f" logic_hash = "969f0f12449375a9ebbb8a68fd4b3db395927416d5cceccdb7f2c64310430880" score = 75 
@@ -333240,11 +333828,11 @@ rule SIGNATURE_BASE_Indexer_Asp description = "Semi-Auto-generated - file indexer.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "84ff60f9-36f7-5d29-9f38-8088fb42582e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4385-L4396" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4385-L4396" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9ea82afb8c7070817d4cdf686abe0300" logic_hash = "0a51f15bfb4289dcb70e1e0b96d100be12901ebf26ed9c0e543eda5f4aa91f1c" score = 75 
@@ -333264,11 +333852,11 @@ rule SIGNATURE_BASE_Dxshell_Php_Php description = "Semi-Auto-generated - file DxShell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "b89930b7-acf3-5078-8429-d59e27e4b00c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4397-L4408" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4397-L4408" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "33a2b31810178f4c2e71fbdeb4899244" logic_hash = "821f9295eba6119ad08349e769d1909cd7836b4e35795915e94095cf715dc6e5" score = 75 
@@ -333288,11 +333876,11 @@ rule SIGNATURE_BASE_S72_Shell_V1_1_Coding_Html description = "Semi-Auto-generated - file s72 Shell v1.1 Coding.html.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "dfd3b80e-6245-5f74-9d6a-6006218891ac" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4409-L4421" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4409-L4421" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c2e8346a5515c81797af36e7e4a3828e" logic_hash = "aef8840b72e5c435c11150007d6b3af2943126fefdc6df343d0f73755340e260" score = 75 
@@ -333313,11 +333901,11 @@ rule SIGNATURE_BASE_Kacak_Asp description = "Semi-Auto-generated - file kacak.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "1ae15174-b84a-5826-b768-7afed65196db" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4422-L4435" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4422-L4435" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "907d95d46785db21331a0324972dda8c" logic_hash = "8542a3985dff2d1eb42f4d2c9f30405a4817a8e30075225c518ec52381f1f7df" score = 75 
@@ -333339,11 +333927,11 @@ rule SIGNATURE_BASE_PHP_Backdoor_Connect_Pl_Php description = "Semi-Auto-generated - file PHP Backdoor Connect.pl.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "96c9258e-3894-5ee9-b52c-eb7ba7454416" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4436-L4448" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4436-L4448" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "57fcd9560dac244aeaf95fd606621900" logic_hash = "b141546f45767884f9c8b1cc4c09ea25f90c0f3a3633bfeecad78b60e7f20306" score = 75 
@@ -333364,11 +333952,11 @@ rule SIGNATURE_BASE_Antichat_Socks5_Server_Php_Php description = "Semi-Auto-generated - file Antichat Socks5 Server.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "35d0930c-ef07-5fd4-9d7a-c0d685f92339" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4449-L4461" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4449-L4461" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cbe9eafbc4d86842a61a54d98e5b61f1" logic_hash = "d6b203561f95f431b3d2c241011ae08c05619d45c5900a28137481c029e8297e" score = 75 
@@ -333389,11 +333977,11 @@ rule SIGNATURE_BASE_Antichat_Shell_V1_3_Php description = "Semi-Auto-generated - file Antichat Shell v1.3.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "856cf977-24da-58e0-b6d2-820c92075ecc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4462-L4474" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4462-L4474" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "40d0abceba125868be7f3f990f031521" logic_hash = "566c324f3bf44ce9f32ddad82a8d3daa87a8a75b5ca0c8286bc912a8ae4ac8e9" score = 75 
@@ -333414,11 +334002,11 @@ rule SIGNATURE_BASE_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_Php description = "Semi-Auto-generated - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "3e81f628-31b4-5c22-943e-62c8cb4c0c4d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4475-L4487" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4475-L4487" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "49ad9117c96419c35987aaa7e2230f63" logic_hash = "d6d2a3999f2e8ceb70f57697c0a845edbbcfce0aba151ec6a0ac23f55265cd47" score = 75 
@@ -333439,11 +334027,11 @@ rule SIGNATURE_BASE_Mysql_Php_Php description = "Semi-Auto-generated - file mysql.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "41730336-0dce-5ed9-95b0-c911a4e3cb48" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4488-L4500" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4488-L4500" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "12bbdf6ef403720442a47a3cc730d034" logic_hash = "60e235310f378698ffcc3ae6a07ab5dd94a660ca4b1504cc878d9741f751d5d1" score = 75 
@@ -333464,11 +334052,11 @@ rule SIGNATURE_BASE_Worse_Linux_Shell_Php description = "Semi-Auto-generated - file Worse Linux Shell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "e223e2a9-7c7a-597a-8b90-a63ee11805ea" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4501-L4512" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4501-L4512" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8338c8d9eab10bd38a7116eb534b5fa2" logic_hash = "47801296b700e85f9e08857eb06f845ef8ed3f88b7d0de34d4b7c47cef6cc7fb" score = 75 
@@ -333488,11 +334076,11 @@ rule SIGNATURE_BASE_Cyberlords_Sql_Php_Php description = "Semi-Auto-generated - file cyberlords_sql.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "41730336-0dce-5ed9-95b0-c911a4e3cb48" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4513-L4526" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4513-L4526" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "03b06b4183cb9947ccda2c3d636406d4" logic_hash = "b3286f9fd86c90c5afc79801b6d65c9ae52ee1c37da93ff15461d84f37ef8019" score = 75 
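Review bot: the `id` context line for `SIGNATURE_BASE_Cyberlords_Sql_Php_Php`, `41730336-0dce-5ed9-95b0-c911a4e3cb48`, is the same value carried by `SIGNATURE_BASE_Mysql_Php_Php` (hunk at -333439) and `SIGNATURE_BASE_Sql_Php_Php` (hunk at -333911), although all three rules have different `hash` and `logic_hash` values. This update does not introduce the collision, but it carries it forward: anything that keys matches, suppressions or test expectations on `id` will conflate three distinct rules. Key on the rule name or `logic_hash` instead, or add a uniqueness check on `id` to the update job so the duplicate is reported upstream.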
@@ -333514,11 +334102,11 @@ rule SIGNATURE_BASE_Cmd_Asp_5_1_Asp description = "Semi-Auto-generated - file cmd-asp-5.1.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "fc204ab8-892d-5435-a737-a185ca32e938" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4527-L4538" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4527-L4538" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8baa99666bf3734cbdfdd10088e0cd9f" logic_hash = "a41c83da1a65e67b6f4ac6ad7cc8702486957ab0c7dda658d071e603338c324b" score = 75 
@@ -333538,11 +334126,11 @@ rule SIGNATURE_BASE_Pws_Php_Php description = "Semi-Auto-generated - file pws.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "1ec47c33-dbec-50bd-b4b0-8f00b704a816" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4539-L4551" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4539-L4551" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ecdc6c20f62f99fa265ec9257b7bf2ce" logic_hash = "98dae8aab5bfd58f4264e318f5a5b5900b38687386f9d7f09c31da0f51d57bc0" score = 75 
@@ -333563,11 +334151,11 @@ rule SIGNATURE_BASE_PHP_Shell_Php_Php description = "Semi-Auto-generated - file PHP Shell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "6978126c-5414-52d2-b085-6e5589716d93" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4552-L4563" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4552-L4563" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a2f8fa4cce578fc9c06f8e674b9e63fd" logic_hash = "2d5b6e08bfe9e1551dab12b01189dadc924c097427c996684bab96c48d528395" score = 75 
@@ -333587,11 +334175,11 @@ rule SIGNATURE_BASE_Ayyildiz_Tim___AYT__Shell_V_2_1_Biz_Html description = "Semi-Auto-generated - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.html.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "d50a8669-fd28-59d2-9f00-f4fe2b85dc22" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4564-L4577" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4564-L4577" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8a8c8bb153bd1ee097559041f2e5cf0a" logic_hash = "9e2d56b49df65a2c13e15f97ec91cdbb6852d86e86f921d7c8a4db82cbea12f5" score = 75 
@@ -333613,11 +334201,11 @@ rule SIGNATURE_BASE_EFSO_2_Asp description = "Semi-Auto-generated - file EFSO_2.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "f0566790-b41c-5167-b7ec-19e7d04256d1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4578-L4589" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4578-L4589" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5fde9682fd63415ae211d53c6bfaa4d" logic_hash = "15e5419854bcbb08f28fff1e266cca7a004f01ec0a5c313c107ec17c3aa7ffee" score = 75 
@@ -333637,11 +334225,11 @@ rule SIGNATURE_BASE_Lamashell_Php description = "Semi-Auto-generated - file lamashell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "cbbb3377-ef9c-5fd1-a8b8-2b730fb5ef28" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4590-L4602" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4590-L4602" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "de9abc2e38420cad729648e93dfc6687" logic_hash = "5e156c3057338fa7b306b91dd979851dd56b8b698cfe99e1d7b6d096a4c580e7" score = 75 
@@ -333662,11 +334250,11 @@ rule SIGNATURE_BASE_Ajax_PHP_Command_Shell_Php description = "Semi-Auto-generated - file Ajax_PHP Command Shell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "cae2e035-ae7b-589b-b2d9-e709028274c5" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4603-L4615" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4603-L4615" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "93d1a2e13a3368a2472043bd6331afe9" logic_hash = "37cba26018f3d37194a143871012a61a7bcee6775d2cf5f93a52b779010d3260" score = 75 
@@ -333687,11 +334275,11 @@ rule SIGNATURE_BASE_Jspwebshell_1_2_Jsp description = "Semi-Auto-generated - file JspWebshell 1.2.jsp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "edfe6a3d-7d56-52ad-a376-cec5722e87b7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4616-L4629" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4616-L4629" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "70a0ee2624e5bbe5525ccadc467519f6" logic_hash = "32b3ddb00f89a3540118fe8ce5fc070556b00030dcf2b21245d38ae66e6cbc14" score = 75 
@@ -333713,11 +334301,11 @@ rule SIGNATURE_BASE_Sincap_Php_Php description = "Semi-Auto-generated - file Sincap.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "8c4dc7b1-94ce-5528-8442-eae05d2c9980" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4630-L4642" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4630-L4642" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b68b90ff6012a103e57d141ed38a7ee9" logic_hash = "e708a7dcb26ff7d0208c1f092e14e701f2ae94c4ffca019f13064bbe04ef74d7" score = 75 
@@ -333738,11 +334326,11 @@ rule SIGNATURE_BASE_Test_Php_Php description = "Semi-Auto-generated - file Test.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "58d73264-6507-5560-ad3e-0cc86c2ee291" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4643-L4655" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4643-L4655" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "77e331abd03b6915c6c6c7fe999fcb50" logic_hash = "575a2eeadc8113d779057f98e978ed4f8914546117b57944bf65f1d6d84c9521" score = 50 
@@ -333763,11 +334351,11 @@ rule SIGNATURE_BASE_Phyton_Shell_Py description = "Semi-Auto-generated - file Phyton Shell.py.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "2f55d60d-94f3-508d-a2d0-5ab59e3fdab3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4656-L4669" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4656-L4669" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "92b3c897090867c65cc169ab037a0f55" logic_hash = "ac16a95cd1fb09c93b315e3cd7d57c1ebec322b641f515854fb73a61393dd365" score = 75 
@@ -333789,11 +334377,11 @@ rule SIGNATURE_BASE_Mysql_Tool_Php_Php description = "Semi-Auto-generated - file mysql_tool.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "c67197d1-6e40-5bf2-9e1b-6ada43529435" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4670-L4682" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4670-L4682" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5fbe4d8edeb2769eda5f4add9bab901e" logic_hash = "9f49bd6c56c919f678ecada82ff3d801c82c98a8abdee85cda1ec7e5b6756012" score = 75 
@@ -333814,11 +334402,11 @@ rule SIGNATURE_BASE_Zehir_4_Asp description = "Semi-Auto-generated - file Zehir 4.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ea7df4e1-d4e2-5a58-a014-d12cb9afaf79" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4683-L4694" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4683-L4694" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7f4e12e159360743ec016273c3b9108c" logic_hash = "69063d866daf1709df81fa22d76177bf8d552e19725a94db4a1b2fca79387faf" score = 75 
@@ -333838,11 +334426,11 @@ rule SIGNATURE_BASE_Sh_Php_Php description = "Semi-Auto-generated - file sh.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "da691516-d6c9-5c4b-85c3-f1cd7fc96ae7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4695-L4706" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4695-L4706" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "330af9337ae51d0bac175ba7076d6299" logic_hash = "b0c3307d451e5d7dadece114e2888503a46038e2edb2ff32bf566ce47b300e76" score = 75 
@@ -333862,11 +334450,11 @@ rule SIGNATURE_BASE_Phpbackdoor15_Php description = "Semi-Auto-generated - file phpbackdoor15.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "a93b881b-3050-5f43-803c-4a571aaaef82" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4707-L4719" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4707-L4719" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0fdb401a49fc2e481e3dfd697078334b" logic_hash = "cdd105f36593e8326ca32bf7cf1fba6fb754e7305c91fe6c078323db8f59b23c" score = 75 
@@ -333887,11 +334475,11 @@ rule SIGNATURE_BASE_Phpjackal_Php description = "Semi-Auto-generated - file phpjackal.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ae46cb97-1ff8-50ba-856f-c38fbb1e5163" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4720-L4731" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4720-L4731" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ab230817bcc99acb9bdc0ec6d264d76f" logic_hash = "6e2ff262aecd08e5feaa274a7fd128d75565d6cc03341da7cbeb2949070705e5" score = 75 
@@ -333911,11 +334499,11 @@ rule SIGNATURE_BASE_Sql_Php_Php : FILE description = "Semi-Auto-generated - file sql.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "41730336-0dce-5ed9-95b0-c911a4e3cb48" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4732-L4745" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4732-L4745" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8334249cbb969f2d33d678fec2b680c5" logic_hash = "016ea01e9b53add0799f5c105fb3d54e6ee07d01c950772a618b2a780f14254f" score = 75 
@@ -333936,11 +334524,11 @@ rule SIGNATURE_BASE_Cgi_Python_Py description = "Semi-Auto-generated - file cgi-python.py.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "75e99d10-3cdf-5f87-9933-4ce5ebe18b09" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4746-L4758" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4746-L4758" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0a15f473e2232b89dae1075e1afdac97" logic_hash = "37c6c7db32a52c8a83ff85f0a50c6fa71e833b9e6d20b1f95e9512fe8bbd0aee" score = 75 
@@ -333961,11 +334549,11 @@ rule SIGNATURE_BASE_Ru24_Post_Sh_Php_Php description = "Semi-Auto-generated - file ru24_post_sh.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "78669d3e-629b-591a-a766-923e37d1fdba" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4759-L4771" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4759-L4771" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b334d494564393f419af745dc1eeec7" logic_hash = "e81e5345bbe07ca85c94a3d8411f0dd3c418689ccae7115c098f718f9093b3bf" score = 75 
@@ -333986,11 +334574,11 @@ rule SIGNATURE_BASE_Dtool_Pro_Php description = "Semi-Auto-generated - file DTool Pro.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "c02c522c-8418-5760-869a-52b41785bebc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4772-L4784" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4772-L4784" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "366ad973a3f327dfbfb915b0faaea5a6" logic_hash = "e8f8b4ca2ab4607e700e897671fd230280763a70897b8ccfc31b3bcb7f2a1f4a" score = 75 
@@ -334011,11 +334599,11 @@ rule SIGNATURE_BASE_Telnetd_Pl description = "Semi-Auto-generated - file telnetd.pl.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "05b5d247-3133-5902-a2ee-b84fa89c7f32" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4785-L4799" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4785-L4799" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5f61136afd17eb025109304bd8d6d414" logic_hash = "faf21758b311fa4c2d11cd60169e6c9a67282cf739b73664456691361a480419" score = 75 
@@ -334038,11 +334626,11 @@ rule SIGNATURE_BASE_Php_Include_W_Shell_Php description = "Semi-Auto-generated - file php-include-w-shell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ddcf9031-2ec8-5a86-8326-60e4a699f494" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4800-L4811" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4800-L4811" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4e913f159e33867be729631a7ca46850" logic_hash = "a63910d97b7ef447b2cadb7de12943d3dbb6eada27d3097b8acf58d9b65b6f60" score = 75 
@@ -334062,11 +334650,11 @@ rule SIGNATURE_BASE_Safe0Ver_Shell__Safe_Mod_Bypass_By_Evilc0Der_Php description = "Semi-Auto-generated - file Safe0ver Shell -Safe Mod Bypass By Evilc0der.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "25971f62-33ee-5ed6-8d72-118be5bd2deb" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4812-L4824" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4812-L4824" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6163b30600f1e80d2bb5afaa753490b6" logic_hash = "46f6bb38f1175e02b03047c06a7aed968b1c1ce2e28cc4b88e15703040e91592" score = 75 
@@ -334087,11 +334675,11 @@ rule SIGNATURE_BASE_Shell_Php_Php description = "Semi-Auto-generated - file shell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "eaf243cb-fa26-5f34-a724-60a08acff636" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4825-L4837" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4825-L4837" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1a95f0163b6dea771da1694de13a3d8d" logic_hash = "dbd08e71dc512f8dcf009150fb4448cd3608291ef9078c7e6b86e6f8d820bd94" score = 75 
@@ -334112,11 +334700,11 @@ rule SIGNATURE_BASE_Telnet_Cgi description = "Semi-Auto-generated - file telnet.cgi.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4ca3dace-cd80-58e4-a4de-47dcc64dac0e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4838-L4850" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4838-L4850" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dee697481383052980c20c48de1598d1" logic_hash = "689c1d43c64aa7469989686c60fc9ab46acde42fdf3c1157bae1e2b8373c845f" score = 75 
@@ -334137,11 +334725,11 @@ rule SIGNATURE_BASE_Ironshell_Php description = "Semi-Auto-generated - file ironshell.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "0d63ad03-4d1d-535f-8afe-3edaf1bf4010" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4851-L4865" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4851-L4865" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8bfa2eeb8a3ff6afc619258e39fded56" logic_hash = "23574299ee2bb33c3f71102adf71ac8f09b6f8ece5f798beacb9b2432d297ee7" score = 75 
@@ -334164,11 +334752,11 @@ rule SIGNATURE_BASE_Backdoorfr_Php description = "Semi-Auto-generated - file backdoorfr.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "5ba2b617-a873-5e80-9cfc-c61cc8d605f3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4866-L4877" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4866-L4877" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "91e4afc7444ed258640e85bcaf0fecfc" logic_hash = "40a6fb41a65fd35acb7cdc36fdda90f5dc54b641adc3ba9eaae29c5e46622206" score = 75 
@@ -334188,11 +334776,11 @@ rule SIGNATURE_BASE_Aspydrv_Asp description = "Semi-Auto-generated - file aspydrv.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4420d13e-7015-5083-ba08-b41bf28b00c2" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4878-L4891" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4878-L4891" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1c01f8a88baee39aa1cebec644bbcb99" logic_hash = "64912d7521d4bff33b5f3a78525bf4ed94246f5933753bed7ca02bedffc85f0f" score = 60 
@@ -334213,11 +334801,11 @@ rule SIGNATURE_BASE_Cmdjsp_Jsp description = "Semi-Auto-generated - file cmdjsp.jsp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "048478a8-9622-54c7-80ed-e4e223d14500" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4892-L4905" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4892-L4905" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b815611cc39f17f05a73444d699341d4" logic_hash = "8b0e425c7d71ea2c536192ff186665e7f0fbdbc0e0d195d7107ac57cf9bd1773" score = 75 
@@ -334239,11 +334827,11 @@ rule SIGNATURE_BASE_H4Ntu_Shell__Powered_By_Tsoi_ description = "Semi-Auto-generated - file h4ntu shell [powered by tsoi].txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "186358e6-88a3-5fad-b1ba-a49b2a5dea1c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4906-L4917" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4906-L4917" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "06ed0b2398f8096f1bebf092d0526137" logic_hash = "32c620a4ed3f7a8640928e2211516978c12cfbdedb7d96e923303740407b5a1c" score = 75 
@@ -334263,11 +334851,11 @@ rule SIGNATURE_BASE_Ajan_Asp description = "Semi-Auto-generated - file Ajan.asp.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "6040fd88-b992-5110-8b37-7711ace30b1a" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4918-L4930" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4918-L4930" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b6f468252407efc2318639da22b08af0" logic_hash = "13988af864a62ca04501288d4f2d830815ab453b14cef6795fe993db1dd1a9ef" score = 75 
@@ -334288,11 +334876,11 @@ rule SIGNATURE_BASE_PHANTASMA_Php description = "Semi-Auto-generated - file PHANTASMA.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "21ff4cee-9cdc-57d1-9c43-e033fdb47de0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4931-L4944" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4931-L4944" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "52779a27fa377ae404761a7ce76a5da7" logic_hash = "d4a2a1bcc1ff3264b35f2b05d7de664b56807977f2a793fd87206f046a185d3b" score = 75 
@@ -334314,11 +334902,11 @@ rule SIGNATURE_BASE_Mysql_Web_Interface_Version_0_8_Php description = "Semi-Auto-generated - file MySQL Web Interface Version 0.8.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "90616d2d-082b-5983-a859-62d1c5b8066e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4945-L4958" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4945-L4958" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "36d4f34d0a22080f47bb1cb94107c60f" logic_hash = "f0a20870a3240948e3ef1ad61685b00c5fc90d6098b87af9ac43ab44ccd13c9e" score = 75 
@@ -334340,11 +334928,11 @@ rule SIGNATURE_BASE_Simple_Cmd_Html description = "Semi-Auto-generated - file simple_cmd.html.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "30990574-02a0-5eed-8317-847b6be13300" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4959-L4972" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4959-L4972" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c6381412df74dbf3bcd5a2b31522b544" logic_hash = "56b5b9e5518fa8a4be8c48735e997a538b0e534ad8fd72c1419dc0e8353bbc00" score = 75 
@@ -334366,11 +334954,11 @@ rule SIGNATURE_BASE__1_C2007_Php_Php_C100_Php description = "Semi-Auto-generated - from files 1.txt, c2007.php.php.txt, c100.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "00ada6a4-a32a-5184-867d-e10a8c95c41c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4973-L4987" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4973-L4987" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f6cb7c210bcd0f84c2ccff52850b1d673622ae49b83d614d63b5bbba7392327" score = 75 quality = 85 
@@ -334393,11 +334981,11 @@ rule SIGNATURE_BASE__Nst_Php_Php_Img_Php_Php_Nstview_Php_Php description = "Semi-Auto-generated - from files nst.php.php.txt, img.php.php.txt, nstview.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "238242f5-4e57-5edb-8806-ea5e06f1f637" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L4988-L5003" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L4988-L5003" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b1e13f75edbbc8f9263e0e516a54330ce57190ba0b45813dad4bafeaeefa389b" score = 75 quality = 85 
@@ -334421,11 +335009,11 @@ rule SIGNATURE_BASE__Network_Php_Php_Xinfo_Php_Php_Nfm_Php_Php description = "Semi-Auto-generated - from files network.php.php.txt, xinfo.php.php.txt, nfm.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4fd11db6-902d-5f1a-96c5-9dfcccce7488" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5004-L5018" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5004-L5018" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "913ff19b6448d3b074440c2a5f85d85813fdf010d33dc57c89ba1e5db6455e11" score = 75 quality = 85 
@@ -334448,11 +335036,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Specials description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ee1fd555-f1bc-59a5-998c-f6098de8623e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5019-L5034" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5019-L5034" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4bae5456baf0d8d894165c84d66118f2b16cfc040e299c2032eccb6a9eb4822" score = 75 quality = 85 
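Review bot: the `description` context line in this hunk is the bare string "Semi-Auto-generated " with a trailing space and no source file list, so an alert from this rule carries no hint of which webshell family matched. Other rules in the same file use the form "Semi-Auto-generated - from files ..."; it would help triage to carry the file list here as well, or to fall back on the rule name when the description is empty. Since the text comes from the third-party bundle, this is probably best raised upstream rather than patched locally.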
@@ -334476,11 +335064,11 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php_R57_Shell_Php_ description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "44b53124-c8b6-545b-819f-77fd65e5d61b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5035-L5052" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5035-L5052" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0df3e00f752f85aa1f150c01e3ef41b9a5cd3d3ce2060965992320cb3c4d87ae" score = 75 quality = 85 
@@ -334506,11 +335094,11 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php_Ctt_Sh_Php_Php description = "Semi-Auto-generated - from files c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt, ctt_sh.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5053-L5069" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5053-L5069" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "137f98b636ec012d7d5e687f7d24ae88e8d3261360e60a4bbc03da248cce381e" score = 75 quality = 85 
@@ -334535,11 +335123,11 @@ rule SIGNATURE_BASE__R577_Php_Php_Spy_Php_Php_S_Php_Php description = "Semi-Auto-generated - from files r577.php.php.txt, spy.php.php.txt, s.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "d287136c-534b-51a4-88fc-40ef9f22d910" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5070-L5084" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5070-L5084" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "09892789e8dad16f9fc7c4e22525e5d0af3af401a4b2655b70f7a6856888875c" score = 75 quality = 85 
@@ -334562,11 +335150,11 @@ rule SIGNATURE_BASE_Webshell_C99_Generic description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5085-L5105" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5085-L5105" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "422bc3a0d9b04b1e37ad954faacb1ec7841fe529c1eb19634bdbfe83da374c73" score = 75 quality = 85 
@@ -334595,11 +335183,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5106-L5123" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5106-L5123" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b133cf947476a1c94ed90b5cd3757ca8aa429be4284d75664625896d9cfa687f" score = 75 quality = 85 
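Review bot: the `id` context line in this hunk, "ce88027c-ae08-59f3-948d-6f3d58515468", is identical to the `id` in the hunk for SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php_Ctt_Sh_Php_Php, while the `logic_hash` values and the `source_url` ranges (#L5106-L5123 here, #L5053-L5069 there) differ, so distinct rules share one identifier. Anything that deduplicates, suppresses or tracks findings by `id` will conflate them. Key on the rule name or `logic_hash` instead, and consider a check in the update job that flags repeated `id` values across rules.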
@@ -334625,11 +335213,11 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_Specialshell_99_Php_Php description = "Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SpecialShell_99.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "c01ad0e5-1aff-5128-9d0c-5d0967532a4b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5124-L5138" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5124-L5138" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7bdaebfb093b58a2fd33b4bbeea8465d0f724383b4855eb521a3e339ee153781" score = 75 quality = 85 
@@ -334652,11 +335240,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Sses_Php description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ee1fd555-f1bc-59a5-998c-f6098de8623e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5139-L5155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5139-L5155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6dbd40e19d4d5753dbd1f7e627bccc08a60430de8138a923f13e836d19dde65c" score = 75 quality = 85 
@@ -334681,11 +335269,11 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php_Spy_Php_Php_S_ description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "44b53124-c8b6-545b-819f-77fd65e5d61b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5156-L5172" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5156-L5172" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "834c33059e08e8075a8d3f69187b74f3b53afabfc37ae1f13a2f579f0948a363" score = 75 quality = 85 
@@ -334710,11 +335298,11 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php description = "Semi-Auto-generated - from files r577.php.php.txt, SnIpEr_SA Shell.php.txt, r57.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "44b53124-c8b6-545b-819f-77fd65e5d61b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5173-L5188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5173-L5188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f97846fdaac949185b4ce6a25cc276f4ae4243d891acb18c3a3ce0c18b540976" score = 75 quality = 85 
@@ -334738,11 +335326,11 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Shell_Php_Php_Spy_Php_Php_S_Php_Php description = "Semi-Auto-generated - from files r577.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "7a31b923-15e5-5af4-9ad0-8d261fedf7c4" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5189-L5205" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5189-L5205" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "764a374c1e4acec8978db1e7e7e326c4fa95c6f92e1ca5a6d7f892bb05ecd289" score = 75 quality = 85 
@@ -334767,11 +335355,11 @@ rule SIGNATURE_BASE__Wacking_Php_Php_1_Specialshell_99_Php_Php_C100_Php description = "Semi-Auto-generated - from files wacking.php.php.txt, 1.txt, SpecialShell_99.php.php.txt, c100.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "3dac5550-598a-5a0f-95c3-2e0162a686ee" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5206-L5222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5206-L5222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d32fc00ba2602a1140dc9030894bb9524c55b95c445a08f2bf6f8fc60108e64" score = 75 quality = 85 
@@ -334796,11 +335384,11 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Php_Php_R57_Shell_Php_Php_Spy_Php_Php_S_Ph description = "Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, r57 Shell.php.php.txt, spy.php.php.txt, s.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "093892f6-ff53-5bd1-b7b2-fea21a9258aa" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5223-L5240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5223-L5240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "afbd2103b0c953d6aec070ba450f43e567560bc9743423a5731cd4d6e5e36bb6" score = 75 quality = 85 
@@ -334826,11 +335414,11 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_Sses_Php_Php_Specialshell_99_Php_ description = "Semi-Auto-generated - from files w.php.php.txt, wacking.php.php.txt, SsEs.php.php.txt, SpecialShell_99.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "81480945-b684-50b6-9431-4ab7a786b214" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5241-L5257" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5241-L5257" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9bbcb687c83c01ad52e8978a60e604a74f10c33a63af3b91d0286b30dea42890" score = 75 quality = 85 
@@ -334855,11 +335443,11 @@ rule SIGNATURE_BASE_Multiple_Php_Webshells description = "Semi-Auto-generated - from files multiple_php_webshells" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5259-L5280" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5259-L5280" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d55c96febd64107273001edadbda6d0a1b4b00e35fb41b46561b49fca6a9bd1b" score = 75 quality = 85 
@@ -334889,11 +335477,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php description = "Semi-Auto-generated - from files w.php.php.txt, c99madshell_v2.1.php.php.txt, wacking.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ee1fd555-f1bc-59a5-998c-f6098de8623e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5281-L5296" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5281-L5296" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c089f8175532ddc0e2d256b4972f7db32683bd213a456622ed27ab4844d1e435" score = 75 quality = 85 
@@ -334917,11 +335505,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5297-L5314" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5297-L5314" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e82882e89a1aeb256768f2af7a6d3674c89f9abc358710b33b8d3d425defcef1" score = 75 quality = 85 
@@ -334947,11 +335535,11 @@ rule SIGNATURE_BASE__GFS_Web_Shell_Ver_3_1_7___Priv8_Php_Nshell_Php_Php_Gfs_Sh_P description = "Semi-Auto-generated - from files GFS web-shell ver 3.1.7 - PRiV8.php.txt, nshell.php.php.txt, gfs_sh.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4d1dd87b-1ffd-564d-9411-c5d2fc01ae0f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5315-L5330" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5315-L5330" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9df5b6df25574b303044a0799c5eb5f38f9ebfbc6f6114275fe1e34adbde1f7c" score = 75 quality = 85 
@@ -334975,11 +335563,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5331-L5349" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5331-L5349" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0f44dc1ff243b234a718e8dbd5cc8c4dc8eb9d3b63300a5c6ff72b86280607bf" score = 75 quality = 85 
@@ -335006,11 +335594,11 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_C99Shell_V1_0_Php_Php_C99Php_Spec description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5350-L5366" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5350-L5366" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9cd7425b806f71d8889f5df7f3fc2f4a692279fc4e495104646cfe28c5b5fe5" score = 75 quality = 85 
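Review bot: the context line `id = "ce88027c-ae08-59f3-948d-6f3d58515468"` in this hunk carries the same value as the `id` in the C99Madshell hunks at -334917 and -334975, yet each of the three rules has a different `logic_hash`. `id` is therefore not unique per rule in this bundle. Anything keyed on it (suppressions, result de-duplication, test expectations) should key on the rule name or `logic_hash` instead, or the import step should flag the collision.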
@@ -335035,11 +335623,11 @@ rule SIGNATURE_BASE__Antichat_Php_Php_Fatalshell_Php_Php_A_Gedit_Php_Php description = "Semi-Auto-generated - from files antichat.php.php.txt, Fatalshell.php.php.txt, a_gedit.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "6bf5640f-0773-5d93-8d27-0844062017c7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5367-L5383" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5367-L5383" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "789340845aeed4accaef02afa1a1fe420e73b6f5af1b621f4ec2342994045278" score = 75 quality = 85 
@@ -335064,11 +335652,11 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php description = "Semi-Auto-generated - from files c99shell_v1.0.php.php.txt, c99php.txt, SsEs.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5384-L5397" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5384-L5397" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2bdf4187ff3d63e4af5c70e8cc93cd8fac3257b33c38764ad2bb2e206066162" score = 75 quality = 85 
@@ -335090,11 +335678,11 @@ rule SIGNATURE_BASE__Crystal_Php_Nshell_Php_Php_Load_Shell_Php_Php description = "Semi-Auto-generated - from files Crystal.php.txt, nshell.php.php.txt, load_shell.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "a92134cd-7f10-589f-bcda-508bc7a20efe" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5398-L5413" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5398-L5413" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71a9310b19b66e3699f75f551cc604f535ea843eb9c50f4a009edcd9c11e01b9" score = 75 quality = 85 
@@ -335118,11 +335706,11 @@ rule SIGNATURE_BASE__Nst_Php_Php_Cybershell_Php_Php_Img_Php_Php_Nstview_Php_Php description = "Semi-Auto-generated - from files nst.php.php.txt, cybershell.php.php.txt, img.php.php.txt, nstview.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "cc4dc0e9-dbb1-560b-ae36-23d3e16a407f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5414-L5430" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5414-L5430" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "afc0b1c83644aa323d308471e5978b6b03f444f5f46fbaddac28ff42d524df1e" score = 75 quality = 85 
@@ -335147,11 +335735,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Dc3_Secu description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "d22c4cc3-842b-5a24-bf4b-a8024b447b9e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5431-L5447" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5431-L5447" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7a4c74912caa1855efc3a2ea7fa6d0082f62776d77a211e59f12892d4883f240" score = 75 quality = 85 
@@ -335176,11 +335764,11 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_1_C2007_Php_Php_C100_Php description = "Semi-Auto-generated - from files c99shell_v1.0.php.php.txt, c99php.txt, 1.txt, c2007.php.php.txt, c100.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5448-L5463" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5448-L5463" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a5dc73a12d8c8b89bab77b90cb3b561e9daf9db5f5ad550326a2fbce52c1c8da" score = 75 quality = 85 
@@ -335204,11 +335792,11 @@ rule SIGNATURE_BASE_Multiple_Php_Webshells_2 description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5464-L5484" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5464-L5484" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26fe586ba7f4d1931b2df81aa27543ff422e699fd56b6b1be289a0f8d6954691" score = 75 quality = 85 
@@ -335237,11 +335825,11 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_1_Specia description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "4915146e-141c-5515-ac5a-61901d42dc40" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5485-L5503" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5485-L5503" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "160adf93d4f9e51022c427b2b0601207dd9ca917e98d99e2013fe83e09a85d21" score = 75 quality = 85 
@@ -335268,11 +335856,11 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Php_Php_Spy_Php_Php_S_Php_Php description = "Semi-Auto-generated - from files r577.php.php.txt, r57.php.php.txt, spy.php.php.txt, s.php.php.txt" author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "022d2255-50cd-500b-8d91-8e34f3c46fcf" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5504-L5520" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5504-L5520" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ba3d6927dc06bfcd98ee9d7146164ca9a9024ef26eac60fabc8ed1375db618d" score = 75 quality = 85 
@@ -335297,11 +335885,11 @@ rule SIGNATURE_BASE__Nixrem_Php_Php_C99Shell_V1_0_Php_Php_C99Php_NIX_REMOTE_WEB_ description = "Semi-Auto-generated " author = "Neo23x0 Yara BRG + customization by Stefan -dfate- Molls" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5521-L5538" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5521-L5538" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f7575db2c8f147d03d5b93b431d1a73c4182b5db6e801e672914778b2042a712" score = 75 quality = 85 
@@ -335327,11 +335915,11 @@ rule SIGNATURE_BASE_Darksecurityteam_Webshell description = "Dark Security Team Webshell" author = "Florian Roth (Nextron Systems)" id = "78dcd62f-9215-5571-a5ef-5f811ce9672f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5542-L5554" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5542-L5554" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f1c95b13a71ca3629a0bb79601fcacf57cdfcf768806a71b26f2448f8c1d5d24" logic_hash = "0c58ed8845cb04d785322b280647d424e1028a3be7e92b2493fd907fae36b16d" score = 50 
@@ -335351,11 +335939,11 @@ rule SIGNATURE_BASE_PHP_Cloaked_Webshell_Superfetchexec description = "Looks like a webshell cloaked as GIF - http://goo.gl/xFvioC" author = "Florian Roth (Nextron Systems)" id = "4611129a-9865-5603-b1ec-7db0058a80d7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "http://goo.gl/xFvioC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5556-L5568" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5556-L5568" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "320b85b1ad39a90578f53c69838b6264af1e6a71c509aefc0986c7f0c77fdae9" score = 50 quality = 85 
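Review bot: the context line `reference = "http://goo.gl/xFvioC"` (repeated in `description`) is a shortened link over plain HTTP, so the destination cannot be reviewed from the rule text. Since this metadata is third-party, the fix belongs upstream, but it is worth checking that report output does not render this field as a clickable link, and asking upstream to replace it with the resolved URL.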
@@ -335374,11 +335962,11 @@ rule SIGNATURE_BASE_Webshell_Remexp_Asp_Php description = "PHP Webshells Github Archive - file RemExp.asp.php.txt" author = "Florian Roth (Nextron Systems)" id = "274c8816-2711-5f12-937e-549ec2d57ce1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5572-L5587" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5572-L5587" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d9919dcf94a70d5180650de8b81669fa1c10c5a2" logic_hash = "b3cfa44898629ffa20630436ae10a94ad72f0e793d61e1157a4de649aa048fe2" score = 75 
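Review bot: the `hash` context line here is 40 hex characters (SHA-1 length), while the Darksecurityteam hunk at -335327 carries a 64-character value in the same field. The `hash` meta is not a single digest type across this file, so any tooling that looks samples up by this field should pick the algorithm from the value's length rather than assume SHA-256.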
@@ -335402,11 +335990,11 @@ rule SIGNATURE_BASE_Webshell_Dc3_Security_Crew_Shell_Priv description = "PHP Webshells Github Archive - file dC3_Security_Crew_Shell_PRiV.php" author = "Florian Roth (Nextron Systems)" id = "c83bb4ba-6b4e-5a88-925b-b93d08b304e4" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5588-L5604" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5588-L5604" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b2a4a7174ca170b4e3a8cdf4814c92695134c8a" logic_hash = "f93a5d87d4a490844de578067dc0b7bac6b01ceb9130cd7c70a227566e18f16c" score = 75 
@@ -335431,11 +336019,11 @@ rule SIGNATURE_BASE_Webshell_Simattacker description = "PHP Webshells Github Archive - file simattacker.php" author = "Florian Roth (Nextron Systems)" id = "2408fad8-780f-50de-a309-99d14a1d87b6" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5605-L5623" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5605-L5623" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "258297b62aeaf4650ce04642ad5f19be25ec29c9" logic_hash = "323b68f1d31df647775ad16a85b9f90bce4eac89188160a1e4853f8fec680160" score = 75 
@@ -335462,11 +336050,11 @@ rule SIGNATURE_BASE_Webshell_Dtool_Pro description = "PHP Webshells Github Archive - file DTool Pro.php" author = "Florian Roth (Nextron Systems)" id = "9f2922d1-b2af-58ae-b194-ecb33577effa" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5624-L5642" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5624-L5642" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e2ee1c7ba7b05994f65710b7bbf935954f2c3353" logic_hash = "da744efb521415fb8817c0982d8d538e1e38b1c0995f43716611df37bf371c38" score = 75 
@@ -335493,12 +336081,12 @@ rule SIGNATURE_BASE_Webshell_Ironshell_4 description = "PHP Webshells Github Archive - file ironshell.php" author = "Florian Roth (Nextron Systems)" id = "06e87e02-372b-5d4e-be52-5515a068665b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_ironshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5643-L5662" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5643-L5662" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d47b8ba98ea8061404defc6b3a30839c4444a262" logic_hash = "1810071f261ad7390532b07ef24115726f236131aa8ffd29adbde9ebe5085e9d" score = 75 
@@ -335525,11 +336113,11 @@ rule SIGNATURE_BASE_Webshell_Indexer_Asp_Php description = "PHP Webshells Github Archive - file indexer.asp.php.txt" author = "Florian Roth (Nextron Systems)" id = "d6e17429-1b58-5a1b-846d-f5dbfd74cf3a" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5663-L5679" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5663-L5679" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e9a7aa5eb1fb228117dc85298c7d3ecd8e288a2d" logic_hash = "c576925c95b5bd2549e8039a1fc6ac228bfab5ddee8c4e12264ea78e9828ba5c" score = 75 
@@ -335554,11 +336142,11 @@ rule SIGNATURE_BASE_Webshell_Toolaspshell description = "PHP Webshells Github Archive - file toolaspshell.php" author = "Florian Roth (Nextron Systems)" id = "016af030-4991-583c-aab5-a2933ae0eeec" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5680-L5693" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5680-L5693" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "11d236b0d1c2da30828ffd2f393dd4c6a1022e3f" logic_hash = "cb46d3170a9c144a22ef8c91b381495a471d2aa178a4a123eb9a1e32e1db7683" score = 75 
@@ -335580,11 +336168,11 @@ rule SIGNATURE_BASE_Webshell_B374K_Mini_Shell_Php_Php description = "PHP Webshells Github Archive - file b374k-mini-shell-php.php.php" author = "Florian Roth (Nextron Systems)" id = "d5b0dfa5-46b5-5323-a8e8-b119d8c2c8e5" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5694-L5707" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5694-L5707" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "afb88635fbdd9ebe86b650cc220d3012a8c35143" logic_hash = "553bd775d9662f9410d9ab946ccffe4b2ee92e367bcc6345fa595527653280cf" score = 75 
@@ -335606,11 +336194,11 @@ rule SIGNATURE_BASE_Webshell_Sincap_1_0 description = "PHP Webshells Github Archive - file Sincap 1.0.php" author = "Florian Roth (Nextron Systems)" id = "38d39739-660f-596d-a297-1f0dfe530797" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5708-L5723" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5708-L5723" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9b72635ff1410fa40c4e15513ae3a496d54f971c" logic_hash = "0cb8851285bd55b0b613ec4c46ab88142e2cbba7e527ad510b008cfb342af221" score = 75 
@@ -335634,11 +336222,11 @@ rule SIGNATURE_BASE_Webshell_B374K_Php description = "PHP Webshells Github Archive - file b374k.php.php" author = "Florian Roth (Nextron Systems)" id = "73eb7d8d-14bb-5bc2-90b2-90b6bd603bd1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5724-L5739" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5724-L5739" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "04c99efd187cf29dc4e5603c51be44170987bce2" logic_hash = "f44ecdcf327cf417a90a91c8d23f6137b80c2006bea2ca2e214f2bfdf5793771" score = 75 
@@ -335662,11 +336250,11 @@ rule SIGNATURE_BASE_Webshell_Simattacker___Vrsion_1_0_0___Priv8_4_My_Friend description = "PHP Webshells Github Archive - file SimAttacker - Vrsion 1.0.0 - priv8 4 My friend.php" author = "Florian Roth (Nextron Systems)" id = "3e0bae7d-77a1-5439-bbe7-177bec23cea0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5740-L5757" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5740-L5757" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6454cc5ab73143d72cf0025a81bd1fe710351b44" logic_hash = "63ebb0c673a5aee05d2d9d571ebf63942d826b5148a5f7ed587ba1efbb0dc923" score = 75 @@ -335696,8 +336284,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_2 : FILE modified = "2025-03-21" old_rule_name = "WebShell_h4ntu_shell__powered_by_tsoi_" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5759-L5774" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5759-L5774" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cbca8cd000e705357e2a7e0cf8262678706f18f9" logic_hash = "c731f2f430e61277ec6c8e292aa50a31eea46fe67eb455811b3fbe9e8967a8c1" score = 75 
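Review bot: in the SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_2 hunk the `source_url` keeps the anchor `#L5759-L5774` and only swaps the commit pin from 1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c to 72d12c2f43c845ceafba3e7011c166df020fb990. The same holds for every hunk in this stretch. Because the pinned URL is the provenance record for each rule, spot-check a few of these ranges against thor-webshells.yar at the new commit to confirm they still land on the named rule, and consider having the update job verify that automatically.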
@@ -335719,11 +336307,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Myshell description = "PHP Webshells Github Archive - file MyShell.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5776-L5794" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5776-L5794" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "42e283c594c4d061f80a18f5ade0717d3fb2f76d" logic_hash = "2c39ffecb44ce2f936ba3563c6086d8b2ed75aec3b57b45e2a1f5e7321ac9a3f" score = 75 
@@ -335750,11 +336338,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Pws description = "PHP Webshells Github Archive - file pws.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5795-L5811" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5795-L5811" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7a405f1c179a84ff8ac09a42177a2bcd8a1a481b" logic_hash = "4b2eeb80200cc5dffa80cddc74f1902c0e8a5d2313d9a20d02eeb99ccb668ec0" score = 75 
@@ -335779,11 +336367,11 @@ rule SIGNATURE_BASE_Webshell_Reader_Asp_Php description = "PHP Webshells Github Archive - file reader.asp.php.txt" author = "Florian Roth (Nextron Systems)" id = "80ec18e1-6f41-5188-b2d5-f4228c975fa1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5812-L5826" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5812-L5826" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "70656f3495e2b3ad391a77d5208eec0fb9e2d931" logic_hash = "6ffda38584b6cdec818af8e09c62bb4a46f40230ffd5c1a68993a91c37f67680" score = 75 
@@ -335806,12 +336394,12 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_3 description = "PHP Webshells Github Archive - file Safe_Mode_Bypass_PHP_4.4.2_and_PHP_5.1.2.php" author = "Florian Roth (Nextron Systems)" id = "349cf6ac-92b3-59f7-a6e4-c23e69b454c6" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5827-L5844" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5827-L5844" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "db076b7c80d2a5279cab2578aa19cb18aea92832" logic_hash = "6840af0d9f99277277edce93deb54e9a319c8938169701c89fdeb65207590951" score = 75 
@@ -335836,12 +336424,12 @@ rule SIGNATURE_BASE_Webshell_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass description = "PHP Webshells Github Archive - file Liz0ziM Private Safe Mode Command Execuriton Bypass Exploit.php" author = "Florian Roth (Nextron Systems)" id = "b647f529-be81-51ad-b671-84aec410e133" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5845-L5861" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5845-L5861" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b2b797707e09c12ff5e632af84b394ad41a46fa4" logic_hash = "92bfac3516a448bbb3e78cf8950c6e816bf35d0ae2f3d32bc9b9b2836309999b" score = 75 
@@ -335865,12 +336453,12 @@ rule SIGNATURE_BASE_Webshell_PHP_Backdoor_2 description = "PHP Webshells Github Archive - file php-backdoor.php" author = "Florian Roth (Nextron Systems)" id = "65e1305b-4fc7-5885-b3df-92846bb57fe3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_php_backdoor" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5862-L5878" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5862-L5878" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b190c03af4f3fb52adc20eb0f5d4d151020c74fe" logic_hash = "4228bcbfff5d7756615347196270f7916843e2aceacc7298610070b8b923381b" score = 75 
@@ -335894,12 +336482,12 @@ rule SIGNATURE_BASE_Webshell_Worse_Linux_Shell_2 description = "PHP Webshells Github Archive - file Worse Linux Shell.php" author = "Florian Roth (Nextron Systems)" id = "04ed7464-29d1-54b9-98ff-afc03475b220" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_Worse_Linux_Shell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5879-L5896" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5879-L5896" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "64623ab1246bc8f7d256b25f244eb2b41f543e96" logic_hash = "6480c524213583511253ea1d37820994bba8a86f58a3775d4a9e4325725289d8" score = 75 
@@ -335924,11 +336512,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Phpinj description = "PHP Webshells Github Archive - file pHpINJ.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5897-L5914" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5897-L5914" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "75116bee1ab122861b155cc1ce45a112c28b9596" logic_hash = "271efaa8f370376f971d3d59256658b341599ac554cc216e09401e44b16bdede" score = 75 
@@ -335954,11 +336542,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_NGH description = "PHP Webshells Github Archive - file NGH.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5915-L5932" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5915-L5932" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c05b5deecfc6de972aa4652cb66da89cfb3e1645" logic_hash = "572b026545b012951136bdb9b1101e38f27bc3321b895799bc853ea1190877f9" score = 75 
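Review bot: the context line `id = "393e738a-b4c2-5630-a55f-c3caee4ff75e"` in this hunk is identical to the `id` in the preceding hunk for SIGNATURE_BASE_Webshell_Php_Webshells_Phpinj, even though the two rules have different `hash` and `logic_hash` values. An `id` shared across distinct rules is not usable as a unique key, so anything downstream that deduplicates, suppresses or reports by `id` will conflate these rules. Is the id being derived from something the `Php_Webshells_*` rules have in common? If it cannot be fixed at the source, key on the rule name plus `logic_hash` instead of `id`.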
@@ -335984,11 +336572,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Matamu description = "PHP Webshells Github Archive - file matamu.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5933-L5949" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5933-L5949" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d477aae6bd2f288b578dbf05c1c46b3aaa474733" logic_hash = "c0101dab5fe7c3a2652b2e23e1ef0274364137895a402a0367c6b5474c0e8a1f" score = 75 
@@ -336013,11 +336601,11 @@ rule SIGNATURE_BASE_Webshell_Ru24_Post_Sh description = "PHP Webshells Github Archive - file ru24_post_sh.php" author = "Florian Roth (Nextron Systems)" id = "86a45d72-c42d-58d5-9969-d3ebfc22853d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5950-L5965" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5950-L5965" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d2c18766a1cd4dda928c12ff7b519578ccec0769" logic_hash = "6cf15a67c311979d32edfb443701cef34ee32d7a672314fc7b60b262b6b2c402" score = 75 
@@ -336041,11 +336629,11 @@ rule SIGNATURE_BASE_Webshell_Hiddens_Shell_V1 description = "PHP Webshells Github Archive - file hiddens shell v1.php" author = "Florian Roth (Nextron Systems)" id = "7194998e-c84c-5f59-92fe-857ecf7e8e88" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5966-L5977" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5966-L5977" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1674bd40eb98b48427c547bf9143aa7fbe2f4a59" logic_hash = "b76400c320e6294b0c831fbbb8e08a9d2097fbb027065f9c4b496d4b005ba016" score = 75 
@@ -336065,11 +336653,11 @@ rule SIGNATURE_BASE_Webshell_C99_Madnet description = "PHP Webshells Github Archive - file c99_madnet.php" author = "Florian Roth (Nextron Systems)" id = "f2b9c3d1-1c55-59cb-a9bf-8b4011f86a3b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5978-L5993" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5978-L5993" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "17613df393d0a99fd5bea18b2d4707f566cff219" logic_hash = "cd4048f28405f106302643656ae5f8a257aaec0184a8057a9dffbda9bb857027" score = 75 
@@ -336093,11 +336681,11 @@ rule SIGNATURE_BASE_Webshell_C99_Locus7S description = "PHP Webshells Github Archive - file c99_locus7s.php" author = "Florian Roth (Nextron Systems)" id = "f92fe5a2-e465-56ed-a77b-b32ea4c2c105" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L5994-L6009" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L5994-L6009" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d413d4700daed07561c9f95e1468fb80238fbf3c" logic_hash = "5ecfc5f6da471bd3037228c0bc762d50762933af3cf6674210c7b2017a45a646" score = 75 
@@ -336121,11 +336709,11 @@ rule SIGNATURE_BASE_Webshell_Jspwebshell_1_2 description = "PHP Webshells Github Archive - file JspWebshell_1.2.php" author = "Florian Roth (Nextron Systems)" id = "dfd8c88d-4fe2-5786-9d71-65dba525c358" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6010-L6026" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6010-L6026" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0bed4a1966117dd872ac9e8dceceb54024a030fa" logic_hash = "13e696c1c671d7fda832c84f150e3f41ed55bf888c4bebfeb06ea68d6be65527" score = 75 
@@ -336150,11 +336738,11 @@ rule SIGNATURE_BASE_Webshell_Safe0Ver description = "PHP Webshells Github Archive - file safe0ver.php" author = "Florian Roth (Nextron Systems)" id = "a7fc8c89-f7a1-5958-823a-763dedb3066d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6027-L6044" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6027-L6044" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "366639526d92bd38ff7218b8539ac0f154190eb8" logic_hash = "ae5de63b79804cf8c99bc5ea0c8862cf05e4085451d2b516cf95565bf32f3876" score = 75 
@@ -336180,11 +336768,11 @@ rule SIGNATURE_BASE_Webshell_Uploader description = "PHP Webshells Github Archive - file Uploader.php" author = "Florian Roth (Nextron Systems)" id = "c68e15d9-865e-5269-a91c-00619fe76305" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6045-L6056" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6045-L6056" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e216c5863a23fde8a449c31660fd413d77cce0b7" logic_hash = "c4b915f60a952131caa2c4f5bb2eea85ef25f27cabb8ad36a6bb928433558954" score = 75 
@@ -336204,11 +336792,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Kral description = "PHP Webshells Github Archive - file kral.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6057-L6073" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6057-L6073" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4cd1d1a2fd448cecc605970e3a89f3c2e5c80dfc" logic_hash = "0aded226f4e54c0169b9fbda91458f581ea47f9f8bda61a350b5e6f8b60931f3" score = 75 
@@ -336233,11 +336821,11 @@ rule SIGNATURE_BASE_Webshell_Cgitelnet description = "PHP Webshells Github Archive - file cgitelnet.php" author = "Florian Roth (Nextron Systems)" id = "b02d8549-ebfe-522c-9a6d-8657273da3ed" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6074-L6088" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6074-L6088" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "72e5f0e4cd438e47b6454de297267770a36cbeb3" logic_hash = "e9b7096d5a19c9d5423bbfe125ae0347853919ab092efa98f0687a5d0cf68953" score = 75 
@@ -336260,12 +336848,12 @@ rule SIGNATURE_BASE_Webshell_Simple_Backdoor_2 description = "PHP Webshells Github Archive - file simple-backdoor.php" author = "Florian Roth (Nextron Systems)" id = "faddd38e-d0c6-5299-9983-53351af1ece5" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_simple_backdoor" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6089-L6109" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6089-L6109" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "edcd5157a68fa00723a506ca86d6cbb8884ef512" logic_hash = "655e445e51ec0f1bdce006a72acf3bce95941a349c279c14768760fa9f6f9d76" score = 75 
@@ -336293,11 +336881,11 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_2 description = "PHP Webshells Github Archive - file Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2.php" author = "Florian Roth (Nextron Systems)" id = "a504442f-85f2-55a1-8a07-1e0faccf8bc0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6110-L6124" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6110-L6124" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8fdd4e0e87c044177e9e1c97084eb5b18e2f1c25" logic_hash = "fbe1f77e00fbc4e58cbad564e2d96c0381765ac799dfdf6cc2580428c68f97a5" score = 75 
@@ -336320,11 +336908,11 @@ rule SIGNATURE_BASE_Webshell_Ntdaddy_V1_9 description = "PHP Webshells Github Archive - file NTDaddy v1.9.php" author = "Florian Roth (Nextron Systems)" id = "a175fd28-5dc2-5827-87f0-4117e889e90e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6125-L6139" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6125-L6139" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "79519aa407fff72b7510c6a63c877f2e07d7554b" logic_hash = "fdf8b4bb4980e588ad5ccee2d047660980d39f38617f887c5762dcdb0b858267" score = 75 
@@ -336347,11 +336935,11 @@ rule SIGNATURE_BASE_Webshell_Lamashell description = "PHP Webshells Github Archive - file lamashell.php" author = "Florian Roth (Nextron Systems)" id = "60e39eed-baa2-5999-8560-0a0242ce2608" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6140-L6156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6140-L6156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b71181e0d899b2b07bc55aebb27da6706ea1b560" logic_hash = "e58dbd6b9c65a139828890a3fadfad9031580fe189066489d266d37d7078ad98" score = 75 
@@ -336376,11 +336964,11 @@ rule SIGNATURE_BASE_Webshell_Simple_PHP_Backdoor_By_DK description = "PHP Webshells Github Archive - file Simple_PHP_backdoor_by_DK.php" author = "Florian Roth (Nextron Systems)" id = "2c424714-1d2c-5b89-b1bc-a201e37a0a5d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6157-L6172" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6157-L6172" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "03f6215548ed370bec0332199be7c4f68105274e" logic_hash = "1f65f759ec4045c521085aad84d0aea4dcfcf26eac4357751cf1dde6886d1718" score = 75 
@@ -336404,11 +336992,11 @@ rule SIGNATURE_BASE_Webshell_Moroccan_Spamers_Ma_Edition_By_Ghost description = "PHP Webshells Github Archive - file Moroccan Spamers Ma-EditioN By GhOsT.php" author = "Florian Roth (Nextron Systems)" id = "4fa9ce70-d300-55fe-bf98-636f026317ec" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6173-L6186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6173-L6186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "31e5473920a2cc445d246bc5820037d8fe383201" logic_hash = "0e3d2d97665b8849d121d63a22baf7393047a814dde3753e395418c1868b59be" score = 75 
@@ -336430,11 +337018,11 @@ rule SIGNATURE_BASE_Webshell_C99Madshell_V__2_0_Madnet_Edition description = "PHP Webshells Github Archive - file C99madShell v. 2.0 madnet edition.php" author = "Florian Roth (Nextron Systems)" id = "51db0495-14f3-527e-865b-1405db57ff27" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6187-L6202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6187-L6202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f99f8228eb12746847f54bad45084f19d1a7e111" logic_hash = "7cf825a604783ebc74b1dca53aaff5c886957c562e11276f2acce5ff1f6ab991" score = 75 
@@ -336458,11 +337046,11 @@ rule SIGNATURE_BASE_Webshell_Cmdasp_Asp_Php description = "PHP Webshells Github Archive - file CmdAsp.asp.php.txt" author = "Florian Roth (Nextron Systems)" id = "184b1731-31a9-5040-aa25-d145e8064758" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6203-L6222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6203-L6222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cb18e1ac11e37e236e244b96c2af2d313feda696" logic_hash = "0fd9c7e83ad9ddf5cf88f1d1573324d9f24ae03a1951446fe11c116fd0cf4932" score = 75 
@@ -336490,11 +337078,11 @@ rule SIGNATURE_BASE_Webshell_NCC_Shell description = "PHP Webshells Github Archive - file NCC-Shell.php" author = "Florian Roth (Nextron Systems)" id = "3a2dab3d-faf0-52a5-b114-db402885c618" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6223-L6239" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6223-L6239" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "64d4495875a809b2730bd93bec2e33902ea80a53" logic_hash = "c58edc548b7804be25f6956e9407cc9f8c74dfd8651f601a87ba639284e612d9" score = 75 
@@ -336519,11 +337107,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_README description = "PHP Webshells Github Archive - file README.md" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6240-L6252" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6240-L6252" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ef2c567b4782c994db48de0168deb29c812f7204" logic_hash = "aa8a9be74bbac08518d5ba442aa6fa37d3f1b255df48b49ccb9842f5728a49d5" score = 75 
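Review bot: the `description` context line says this rule was built from `README.md` in the webshell archive, and it keeps `score = 75`, the same weight as the rules for actual shells in the neighbouring hunks. A signature derived from a README is a plausible false-positive source on benign repositories and documentation, so please confirm that the refreshed rule set does not add new matches for it in the test data under tests/, and consider lowering its weight or excluding it locally if it does.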
@@ -336544,11 +337132,11 @@ rule SIGNATURE_BASE_Webshell_Backupsql description = "PHP Webshells Github Archive - file backupsql.php" author = "Florian Roth (Nextron Systems)" id = "15d6e967-1e53-53b4-a2cf-7786452495d4" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6253-L6268" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6253-L6268" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "863e017545ec8e16a0df5f420f2d708631020dd4" logic_hash = "0126bfad6eb3861e8322ac3e11b4fd95bc8b88597d916e66c6646d7d5529c1d5" score = 75 
@@ -336572,11 +337160,11 @@ rule SIGNATURE_BASE_Webshell_AK_74_Security_Team_Web_Shell_Beta_Version description = "PHP Webshells Github Archive - file AK-74 Security Team Web Shell Beta Version.php" author = "Florian Roth (Nextron Systems)" id = "e93a6ac3-080f-53d3-8368-b9feb509a2ea" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6269-L6282" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6269-L6282" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c90b0ba575f432ecc08f8f292f3013b5532fe2c4" logic_hash = "4fbf8f5cab8593fd88e5a430b849e61d7d663c13700f459aa516c5b337d5438b" score = 75 
@@ -336598,11 +337186,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Cpanel description = "PHP Webshells Github Archive - file cpanel.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6283-L6299" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6283-L6299" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "433dab17106b175c7cf73f4f094e835d453c0874" logic_hash = "e4dc90c52648f1e5b7dc2d77dcb94feb774ec9e3c156c923c54a9e8f537bbf07" score = 75 
@@ -336627,11 +337215,11 @@ rule SIGNATURE_BASE_Webshell_Accept_Language description = "PHP Webshells Github Archive - file accept_language.php" author = "Florian Roth (Nextron Systems)" id = "343ed2a4-4bed-5e73-8d05-f9573b0147af" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6300-L6311" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6300-L6311" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "180b13576f8a5407ab3325671b63750adbcb62c9" logic_hash = "6d45071722268f5b39b1486a7dce883ecefb2b3c9993357b7b58bd603ff1c40d" score = 75 
@@ -336651,11 +337239,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_529 description = "PHP Webshells Github Archive - file 529.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6312-L6329" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6312-L6329" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ba3fb2995528307487dff7d5b624d9f4c94c75d3" logic_hash = "f46b84d51077f157c83cd01534dfe7f9cd0d9ef04ad9935ced22d2abc873c171" score = 75 
@@ -336681,11 +337269,11 @@ rule SIGNATURE_BASE_Webshell_STNC_Webshell_V0_8 description = "PHP Webshells Github Archive - file STNC WebShell v0.8.php" author = "Florian Roth (Nextron Systems)" id = "5dc300a2-9965-52e3-a382-b8d327eb7029" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6330-L6343" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6330-L6343" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "52068c9dff65f1caae8f4c60d0225708612bb8bc" logic_hash = "c2067a1b78c441aa05366b612090e0df895c621843038cc9e65beb6719c0cb9a" score = 75 
@@ -336707,11 +337295,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Tryag description = "PHP Webshells Github Archive - file tryag.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6344-L6359" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6344-L6359" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "42d837e9ab764e95ed11b8bd6c29699d13fe4c41" logic_hash = "2af3bbe8d1940e60843f3f5d40c9c6550e76df21568c374f7a871f73aeefae44" score = 75 
@@ -336735,11 +337323,11 @@ rule SIGNATURE_BASE_Webshell_Dc3_Security_Crew_Shell_Priv_2 description = "PHP Webshells Github Archive - file dC3 Security Crew Shell PRiV.php" author = "Florian Roth (Nextron Systems)" id = "1d4a95c4-8128-504d-958f-dcc5c68f4975" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6360-L6375" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6360-L6375" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9077eb05f4ce19c31c93c2421430dd3068a37f17" logic_hash = "52dc0449c205ff9105e2dedc3cb4858f83a2efc7bae579656a26da493dc59500" score = 75 
@@ -336763,11 +337351,11 @@ rule SIGNATURE_BASE_Webshell_Qsd_Php_Backdoor description = "PHP Webshells Github Archive - file qsd-php-backdoor.php" author = "Florian Roth (Nextron Systems)" id = "f8208851-159c-5d0b-91ad-478aeb4fc9fd" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6376-L6390" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6376-L6390" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4856bce45fc5b3f938d8125f7cdd35a8bbae380f" logic_hash = "3ef7b67cd60370a99fdfa6fd614f71ee314af27c9d983383dde8f03a127a28b3" score = 75 
@@ -336790,11 +337378,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Spygrup description = "PHP Webshells Github Archive - file spygrup.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6391-L6405" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6391-L6405" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "12f9105332f5dc5d6360a26706cd79afa07fe004" logic_hash = "5981f8cc1a98f799b1573cf73297383f995acf1c40f0227ac10302dc4d6fd6cc" score = 75 
@@ -336817,11 +337405,11 @@ rule SIGNATURE_BASE_Webshell_Web_Shell__C_Shankar description = "PHP Webshells Github Archive - file Web-shell (c)ShAnKaR.php" author = "Florian Roth (Nextron Systems)" id = "966f5580-21c5-5ecf-b500-bde3d1ba4494" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6406-L6420" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6406-L6420" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3dd4f25bd132beb59d2ae0c813373c9ea20e1b7a" logic_hash = "9d320eed18a5d76a87cee4ea0fa9caf08f096f7eeaab55420540aa082b596e0f" score = 75 
@@ -336844,11 +337432,11 @@ rule SIGNATURE_BASE_Webshell_Ayyildiz_Tim___AYT__Shell_V_2_1_Biz description = "PHP Webshells Github Archive - file Ayyildiz Tim -AYT- Shell v 2.1 Biz.php" author = "Florian Roth (Nextron Systems)" id = "fdd9bae9-80f3-5200-b922-e7d194009af8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6421-L6435" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6421-L6435" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5fe8c1d01dc5bc70372a8a04410faf8fcde3cb68" logic_hash = "2d096baad162c0e3e01732007a3be2804155e614a8fa4cd2d5dd3a7ac808fb49" score = 75 
@@ -336871,11 +337459,11 @@ rule SIGNATURE_BASE_Webshell_Gamma_Web_Shell description = "PHP Webshells Github Archive - file Gamma Web Shell.php" author = "Florian Roth (Nextron Systems)" id = "43b4fc9f-8897-5553-8846-29d307efa885" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6436-L6450" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6436-L6450" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7ef773df7a2f221468cc8f7683e1ace6b1e8139a" logic_hash = "1de868c4948a95272d288aeba3ac38b84bf6b33ede6b3b600b32530c85586404" score = 75 
@@ -336898,11 +337486,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Aspydrv description = "PHP Webshells Github Archive - file aspydrv.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6451-L6466" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6451-L6466" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3d8996b625025dc549d73cdb3e5fa678ab35d32a" logic_hash = "314fd671b163b9904cc78cb3a5858f5b1e3dfae9d520d5ebc545a7abd922e9f7" score = 75 
@@ -336926,11 +337514,11 @@ rule SIGNATURE_BASE_Webshell_Jspwebshell_1_2_2 description = "PHP Webshells Github Archive - file JspWebshell 1.2.php" author = "Florian Roth (Nextron Systems)" id = "659f5c7d-0a9c-554d-a0ad-e3bcb8c5a1e9" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6467-L6482" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6467-L6482" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "184fc72b51d1429c44a4c8de43081e00967cf86b" logic_hash = "41d937fce969a850a2e4e07eb168becc96a036317a78d620e812707be9466dfc" score = 75 
@@ -336954,11 +337542,11 @@ rule SIGNATURE_BASE_Webshell_G00Nshell_V1_3 description = "PHP Webshells Github Archive - file g00nshell-v1.3.php" author = "Florian Roth (Nextron Systems)" id = "61a09576-7e62-5a30-a52c-492b81b96322" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6483-L6498" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6483-L6498" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "70fe072e120249c9e2f0a8e9019f984aea84a504" logic_hash = "2ecb3ce2aa43a99552fb26e610c35bdb04f4ff0dc75c867e4327d6e27eed0177" score = 75 
@@ -336982,12 +337570,12 @@ rule SIGNATURE_BASE_Webshell_Winx_Shell_2 description = "PHP Webshells Github Archive - file WinX Shell.php" author = "Florian Roth (Nextron Systems)" id = "ebad4f2e-96c3-5cb7-b228-de3a6a39ae55" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_WinX_Shell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6499-L6515" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6499-L6515" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a94d65c168344ad9fa406d219bdf60150c02010e" logic_hash = "f953c297763e41d197ce186dc818b656951dfa8c855c5063fc4abb54eeefc7bb" score = 75 
@@ -337011,11 +337599,11 @@ rule SIGNATURE_BASE_Webshell_PHANTASMA description = "PHP Webshells Github Archive - file PHANTASMA.php" author = "Florian Roth (Nextron Systems)" id = "b36a7dbb-7d40-5fca-8409-c8822298005c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6516-L6530" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6516-L6530" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cd12d42abf854cd34ff9e93a80d464620af6d75e" logic_hash = "355be62807182f9a53bac20a6dead8f0a3bee83b6bdc4566502c157f16076b9b" score = 75 
@@ -337038,11 +337626,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Cw description = "PHP Webshells Github Archive - file cw.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6531-L6547" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6531-L6547" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e65e0670ef6edf0a3581be6fe5ddeeffd22014bf" logic_hash = "52bfb14f4d5d3df787ce7782cbbee25ea1556758eed48e3001c8a3f35a541526" score = 75 
@@ -337067,11 +337655,11 @@ rule SIGNATURE_BASE_Webshell_Php_Include_W_Shell description = "PHP Webshells Github Archive - file php-include-w-shell.php" author = "Florian Roth (Nextron Systems)" id = "a80ca446-6612-51b4-99a7-8a8d8e6ee196" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6548-L6561" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6548-L6561" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1a7f4868691410830ad954360950e37c582b0292" logic_hash = "2be144060d4fdaee38214dc2eba80c2a6fd3699060d274e66356fd5a08c9be4b" score = 75 
@@ -337093,11 +337681,11 @@ rule SIGNATURE_BASE_Webshell_Mysql_Tool description = "PHP Webshells Github Archive - file mysql_tool.php" author = "Florian Roth (Nextron Systems)" id = "a22a0a5c-a686-517e-b1f9-279edab0616b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6562-L6574" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6562-L6574" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c9cf8cafcd4e65d1b57fdee5eef98f0f2de74474" logic_hash = "611636b3fa9a3163574b18cf8eacebea9733a1ad381261387f79a532b003e8fd" score = 75 
@@ -337118,11 +337706,11 @@ rule SIGNATURE_BASE_Webshell_Phpspy_Ver_2006 description = "PHP Webshells Github Archive - file PhpSpy Ver 2006.php" author = "Florian Roth (Nextron Systems)" id = "adbb1963-31c8-5540-a679-c75b1101c163" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6575-L6589" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6575-L6589" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "34a89e0ab896c3518d9a474b71ee636ca595625d" logic_hash = "69bd2c387b0e676168116f3b3c3c081e08fd555cc6bc9a94b9c8ef97f194b09f" score = 75 
@@ -337145,11 +337733,11 @@ rule SIGNATURE_BASE_Webshell_Zyklonshell description = "PHP Webshells Github Archive - file ZyklonShell.php" author = "Florian Roth (Nextron Systems)" id = "4d7ff3e5-4940-52c8-b045-5db1523f70c2" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6590-L6604" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6590-L6604" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3fa7e6f3566427196ac47551392e2386a038d61c" logic_hash = "5d49f2599781836156f6bbb0c50cfcffdb2ca51c7cb688abbc6245d7f856ad01" score = 75 
@@ -337172,12 +337760,12 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Myshell_2 description = "PHP Webshells Github Archive - file myshell.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_php_webshells_myshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6605-L6620" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6605-L6620" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5bd52749872d1083e7be076a5e65ffcde210e524" logic_hash = "7765e43189d6ec0cda0b58d00cfd7fc8cec89287dbac7487083b6ce1ce55f306" score = 75 
@@ -337200,11 +337788,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Lolipop description = "PHP Webshells Github Archive - file lolipop.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6621-L6634" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6621-L6634" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "86f23baabb90c93465e6851e40104ded5a5164cb" logic_hash = "8b0dcf76a244f80d4bee0c62189df55c1f8d71cf0900cd8ebb5916f5fe972bed" score = 75 
@@ -337226,11 +337814,11 @@ rule SIGNATURE_BASE_Webshell_Simple_Cmd description = "PHP Webshells Github Archive - file simple_cmd.php" author = "Florian Roth (Nextron Systems)" id = "1fd0c01a-c265-5e30-ab36-e8e93e316fbe" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6635-L6649" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6635-L6649" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "466a8caf03cdebe07aa16ad490e54744f82e32c2" logic_hash = "82a65f4bbdcd2fc626aa9f36fe530d19aa19a48389e970c26e525597818914ee" score = 75 
@@ -337253,11 +337841,11 @@ rule SIGNATURE_BASE_Webshell_Go_Shell description = "PHP Webshells Github Archive - file go-shell.php" author = "Florian Roth (Nextron Systems)" id = "63eaf530-050a-5db7-8885-d4a1e86d62de" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6650-L6665" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6650-L6665" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3dd85981bec33de42c04c53d081c230b5fc0e94f" logic_hash = "f2fcefb9a0536c80fa74ceb002e113f95de53d1f56e22c81b542c395dd11071d" score = 75 
@@ -337281,12 +337869,12 @@ rule SIGNATURE_BASE_Webshell_Azrailphp_V1_0_2 description = "PHP Webshells Github Archive - file aZRaiLPhp v1.0.php" author = "Florian Roth (Nextron Systems)" id = "10546549-e16d-567d-9d88-3d37fe8ff03f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "WebShell_aZRaiLPhp_v1_0" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6666-L6681" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6666-L6681" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a2c609d1a8c8ba3d706d1d70bef69e63f239782b" logic_hash = "8309338bb327cc14ae5970bd921b3dba68353d55be31b9dbbc5374ded24ed563" score = 75 
@@ -337309,11 +337897,11 @@ rule SIGNATURE_BASE_Webshell_Webshells_Zehir4 description = "Webshells Github Archive - file zehir4" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6682-L6695" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6682-L6695" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "788928ae87551f286d189e163e55410acbb90a64" logic_hash = "36b6940ffecd9be190cce62252ec7d87f1c0bc0d19b4442df63f4404eb316364" score = 55 
@@ -337334,11 +337922,11 @@ rule SIGNATURE_BASE_Webshell_Zehir4_Asp_Php description = "PHP Webshells Github Archive - file zehir4.asp.php.txt" author = "Florian Roth (Nextron Systems)" id = "7a849bc6-fff5-5bb6-aff7-660889fd077b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6696-L6709" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6696-L6709" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1d9b78b5b14b821139541cc0deb4cbbd994ce157" logic_hash = "dfaf685ac3b364143bfbe289b05f066b09f01622fec3e9157f4b4791f7567619" score = 75 
@@ -337360,11 +337948,11 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Lostdc description = "PHP Webshells Github Archive - file lostDC.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6710-L6725" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6710-L6725" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d54fe07ea53a8929620c50e3a3f8fb69fdeb1cde" logic_hash = "e3cd28f4a72f5a8a92c728fe76a7159c28256e87daf4c1dd10190a57263f5b45" score = 75 
@@ -337388,11 +337976,11 @@ rule SIGNATURE_BASE_Webshell_Casus_1_5 description = "PHP Webshells Github Archive - file CasuS 1.5.php" author = "Florian Roth (Nextron Systems)" id = "cf89d8f8-d498-57fe-98eb-a98350db182f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6726-L6739" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6726-L6739" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7eee8882ad9b940407acc0146db018c302696341" logic_hash = "0dbaa39bd33047d24e5bc9716108c5581da3f54e93d90f9c550b3d84de1ebfe2" score = 75 
@@ -337414,11 +338002,11 @@ rule SIGNATURE_BASE_Webshell_Ftpsearch description = "PHP Webshells Github Archive - file ftpsearch.php" author = "Florian Roth (Nextron Systems)" id = "9db8f00a-1843-5057-b8c7-a7f7b63e0659" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6740-L6754" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6740-L6754" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c945f597552ccb8c0309ad6d2831c8cabdf4e2d6" logic_hash = "6b32553be4fdf26776e3cbb8a5d4d011d88f2bd50949b65934df72b89065aeec" score = 75 
@@ -337441,11 +338029,11 @@ rule SIGNATURE_BASE_Webshell__Cyber_Shell_Cybershell_Cyber_Shell__V_1_0_ description = "PHP Webshells Github Archive - from files Cyber Shell.php, cybershell.php, Cyber Shell (v 1.0).php" author = "Florian Roth (Nextron Systems)" id = "79146f25-87b9-5216-af88-4e433bb08b90" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6755-L6772" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6755-L6772" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fc2cf9a25ccc5aa3d9dc287ef9600b065ba9025cfb0a1ccca1bce9120ea03ff4" score = 75 quality = 85 
@@ -337471,11 +338059,11 @@ rule SIGNATURE_BASE_Webshell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_Sold description = "PHP Webshells Github Archive - from files Ajax_PHP Command Shell.php, Ajax_PHP_Command_Shell.php, soldierofallah.php" author = "Florian Roth (Nextron Systems)" id = "a158d158-d48d-514c-8b7b-4b6a4a10d021" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6773-L6793" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6773-L6793" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0b9e0d96c8a618a4883235e8c5c9a03a1e0b586cb4b30e0273e24c35ee5ee502" score = 75 quality = 85 
@@ -337504,11 +338092,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_7 description = "PHP Webshells Github Archive" author = "Florian Roth (Nextron Systems)" id = "506373d6-31b4-5a14-b009-f2b43028a98b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6794-L6812" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6794-L6812" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9d9b6b1333f2061c357fad110b5cc508288c70aea1212aa2fcbf283a2ce4fb2c" score = 75 quality = 85 
@@ -337535,11 +338123,11 @@ rule SIGNATURE_BASE_Webshell__Small_Web_Shell_By_Zaco_Small_Zaco_Zacosmall description = "PHP Webshells Github Archive - from files Small Web Shell by ZaCo.php, small.php, zaco.php, zacosmall.php" author = "Florian Roth (Nextron Systems)" id = "99dbcea6-7208-5bbe-b200-9ea3074d7855" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6813-L6831" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6813-L6831" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "840c58043e39014e90e7621c1d2417d5a970c744560738abc4fea3db3cbb8d5a" score = 75 quality = 85 
@@ -337566,11 +338154,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_8 description = "PHP Webshells Github Archive" author = "Florian Roth (Nextron Systems)" id = "40c6f69f-9963-5e4f-af44-041d47738519" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6832-L6851" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6832-L6851" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "346df2686c4d43b3210b07a30845477e057602500e67baba69b50c41e8d501fa" score = 75 quality = 85 
@@ -337598,11 +338186,11 @@ rule SIGNATURE_BASE_Webshell__PH_Vayv_Phvayv_PH_Vayv_Klasvayv_Asp_Php description = "PHP Webshells Github Archive - from files PH Vayv.php, PHVayv.php, PH_Vayv.php, klasvayv.asp.php.txt" author = "Florian Roth (Nextron Systems)" id = "1575591b-3245-5c3d-b2a4-6def89e77032" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6852-L6870" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6852-L6870" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "42959ba1e3c0f7f198f953e98b9df87059999f5526df4338c109828d0a5a518a" score = 75 quality = 85 @@ -337632,8 +338220,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_9 date = "2014-04-06" modified = "2022-12-06" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6872-L6892" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6872-L6892" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9f8768f609ccd464f7c2b9d10ce8ea423355e11b05b39e629e5e3de0787e212b" score = 70 quality = 77 
@@ -337658,11 +338246,11 @@ rule SIGNATURE_BASE_Webshell__PH_Vayv_Phvayv_PH_Vayv description = "PHP Webshells Github Archive - from files PH Vayv.php, PHVayv.php, PH_Vayv.php" author = "Florian Roth (Nextron Systems)" id = "1575591b-3245-5c3d-b2a4-6def89e77032" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6894-L6910" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6894-L6910" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2f2b95415bc990adac38eada20cbc793f286d51f2054bc969e9c667f16717f9" score = 75 quality = 85 @@ -337690,8 +338278,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_1 date = "2014-04-06" modified = "2022-12-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6912-L6931" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6912-L6931" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9e3759d45d13e33481b962c4b59a019647a3e80bdd3885c4404169af74288b89" score = 70 quality = 79 
@@ -337716,11 +338304,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_2 description = "PHP Webshells Github Archive - from files CrystalShell v.1.php, load_shell.php, Loaderz WEB Shell.php, stres.php" author = "Florian Roth (Nextron Systems)" id = "be335331-34d7-5abc-b29b-eac7a5ec3915" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6933-L6952" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6933-L6952" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a63d3b00ad9719140da9bb5dcb49981c4d3758fac13c392d016b47e54f356c8" score = 75 quality = 85 
@@ -337748,11 +338336,11 @@ rule SIGNATURE_BASE_Webshell__Crystalshell_V_1_Erne_Stres description = "PHP Webshells Github Archive - from files CrystalShell v.1.php, erne.php, stres.php" author = "Florian Roth (Nextron Systems)" id = "4e73e42e-b968-5b68-a00d-d2a8a1f3541c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6953-L6974" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6953-L6974" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a0484a5a71715d6a79c89e20919ab89aaa7e85a18ee502651f1f6b29153847a3" score = 75 quality = 85 
@@ -337782,11 +338370,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_3 description = "PHP Webshells Github Archive" author = "Florian Roth (Nextron Systems)" id = "ff7c6534-efcf-565e-bfc0-1eaa2e9d7b7d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6975-L6994" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6975-L6994" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5c264a294fc75cf2cadd3dba61bc64658989ffe5ddecfa18ba18e66492ad3c71" score = 75 quality = 85 
@@ -337814,11 +338402,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_4 description = "PHP Webshells Github Archive - from files CrystalShell v.1.php, load_shell.php, nshell.php, Loaderz WEB Shell.php, stres.php" author = "Florian Roth (Nextron Systems)" id = "2932cb85-927e-536b-b8d8-a0ac0d1ef8ec" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L6995-L7017" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L6995-L7017" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "18db4c6728f0575b4d8388dab9563ee98ca9aa5fdc8534bf76856a87820b4596" score = 75 quality = 85 
@@ -337849,11 +338437,11 @@ rule SIGNATURE_BASE_Webshell_GFS description = "PHP Webshells Github Archive - from files GFS web-shell ver 3.1.7 - PRiV8.php, Predator.php, GFS_web-shell_ver_3.1.7_-_PRiV8.php" author = "Florian Roth (Nextron Systems)" id = "bde6cfd8-466f-528a-b1e3-f874aa778010" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7019-L7035" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7019-L7035" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "72a3f117cb11e1461b760c47a3de74283640b6e1daa87b24e45210213bb76609" score = 75 quality = 85 
@@ -337878,11 +338466,11 @@ rule SIGNATURE_BASE_Webshell__Crystalshell_V_1_Sosyete_Stres description = "PHP Webshells Github Archive - from files CrystalShell v.1.php, sosyete.php, stres.php" author = "Florian Roth (Nextron Systems)" id = "774f7f4c-724a-5eb0-b5de-44b389fd593d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7036-L7056" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7036-L7056" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "78aeabe38f7457060d81c3863098b5e424bc38f13e9e86bbb6ea54827f27afcd" score = 75 quality = 85 
@@ -337911,11 +338499,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_10 description = "PHP Webshells Github Archive - from files Cyber Shell.php, cybershell.php, Cyber Shell (v 1.0).php, PHPRemoteView.php" author = "Florian Roth (Nextron Systems)" id = "f52013d6-72ce-544c-a7ef-ae2a2ea87108" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7057-L7077" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7057-L7077" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0bf731edef55cde5d2ad16510fb9f1a240c1a06b535af7e13300fdbea470df74" score = 75 quality = 85 
@@ -337944,11 +338532,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_11 description = "PHP Webshells Github Archive - from files rootshell.php, Rootshell.v.1.0.php, s72 Shell v1.1 Coding.php, s72_Shell_v1.1_Coding.php" author = "Florian Roth (Nextron Systems)" id = "590c5320-ef85-5522-94fd-4619749f7eb1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7078-L7100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7078-L7100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5a559a26314ce603d6454efb71f1243bf89daed920ca2a495a51b94a4cca0045" score = 75 quality = 85 
@@ -337979,11 +338567,11 @@ rule SIGNATURE_BASE_Webshell__Findsock_Php_Findsock_Shell_Php_Reverse_Shell description = "PHP Webshells Github Archive - from files findsock.c, php-findsock-shell.php, php-reverse-shell.php" author = "Florian Roth (Nextron Systems)" id = "6567c8f1-bd7f-5844-b937-3db2d8eb7408" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7101-L7115" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7101-L7115" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2459f7114482e17f087bda4b638c29e237f2f3cb5a9e41e326ed65fc1834b6be" score = 75 quality = 85 
@@ -338006,11 +338594,11 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_6 description = "PHP Webshells Github Archive" author = "Florian Roth (Nextron Systems)" id = "e61ec617-565a-5b24-82f4-3677ef379a06" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7116-L7137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7116-L7137" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7b3f2ca3cb9516ddda1b9cac2ca5eb5d9e62e1839dad041f69a3dc7a2a186897" score = 75 quality = 85 @@ -338040,11 +338628,11 @@ rule SIGNATURE_BASE_Unpack_Injectt description = "Webshells Auto-generated - file Injectt.exe" author = "Florian Roth (Nextron Systems)" id = "80dc3086-41a6-5e30-bbf4-463500fe5e33" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7139-L7152" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7139-L7152" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8a5d2158a566c87edc999771e12d42c5" logic_hash = "d8e9ed4f2604617bd6410f36ab827affa3cc6729ba996d0d9cd9c8eb0fd96533" score = 75 
@@ -338066,11 +338654,11 @@ rule SIGNATURE_BASE_Hytop_Devpack_Fso description = "Webshells Auto-generated - file fso.asp" author = "Florian Roth (Nextron Systems)" id = "094eeff9-0da0-5a44-a45c-f8ee57861e7a" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7153-L7165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7153-L7165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b37f3cde1a08890bd822a182c3a881f6" logic_hash = "9d071c1e2e0725091a2abe24759e6e71d78e29caa76b4fff77c44e3bb381b1a2" score = 75 
@@ -338091,11 +338679,11 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Ssh description = "Webshells Auto-generated - file ssh.php" author = "Florian Roth (Nextron Systems)" id = "0b971065-df16-5092-beff-c55608447f19" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7166-L7177" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7166-L7177" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1aa5307790d72941589079989b4f900e" logic_hash = "40c5a5d1d714947454f4aa9f7ed09d777cb60c23933201ac8eaf0d49452af8c6" score = 75 
@@ -338115,11 +338703,11 @@ rule SIGNATURE_BASE_Debug_Bdoor description = "Webshells Auto-generated - file BDoor.dll" author = "Florian Roth (Nextron Systems)" id = "0938efe7-2b6d-5749-af9a-967cca85defb" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7178-L7190" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7178-L7190" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e4e8e31dd44beb9320922c5f49739955" logic_hash = "ed8caeb96a6fc48fe23d5db078bbb8ba5aec3c5d4ee382cbc6bc4e01630f1460" score = 75 @@ -338140,11 +338728,11 @@ rule SIGNATURE_BASE_Bin_Client description = "Webshells Auto-generated - file Client.exe" author = "Florian Roth (Nextron Systems)" id = "8564d787-5edc-59b0-b1ef-2f33c8a24f82" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7191-L7205" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7191-L7205" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5f91a5b46d155cacf0cc6673a2a5461b" logic_hash = "28ce9aa136b5d41bb580e6b5b8580d3ccbb7eeec31007e68241d23c5a0f40d40" score = 75 
@@ -338167,11 +338755,11 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Zxshell description = "Webshells Auto-generated - file ZXshell.exe" author = "Florian Roth (Nextron Systems)" id = "621ac87e-b1f8-58d7-9328-54af5ca9b605" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7206-L7218" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7206-L7218" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "246ce44502d2f6002d720d350e26c288" logic_hash = "72eaf90551144eccb7329e0a0e05bcc955ea2bfdb37aa87e9cae7b5f5a26bea0" score = 75 
@@ -338192,11 +338780,11 @@ rule SIGNATURE_BASE_Rkntload description = "Webshells Auto-generated - file RkNTLoad.exe" author = "Florian Roth (Nextron Systems)" id = "fd4b1343-5fa9-5ad8-bee1-6b06b93ddfbe" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7219-L7237" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7219-L7237" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "262317c95ced56224f136ba532b8b34f" logic_hash = "ab767a7016318633055a85195ca2bab08a8c68222d46018aaf8772ab27a373c4" score = 75 
@@ -338223,11 +338811,11 @@ rule SIGNATURE_BASE_Binder2_Binder2 description = "Webshells Auto-generated - file binder2.exe" author = "Florian Roth (Nextron Systems)" id = "29269dc0-f2e4-56ec-ad64-0dff00e339b7" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7238-L7254" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7238-L7254" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d594e90ad23ae0bc0b65b59189c12f11" logic_hash = "fbe56b7d37fc7863fcf55761c0b5b671d661a713ac95f90d65b79eee9a447a9b" score = 75 
@@ -338252,11 +338840,11 @@ rule SIGNATURE_BASE_Thelast_Orice2 description = "Webshells Auto-generated - file orice2.php" author = "Florian Roth (Nextron Systems)" id = "968cef9e-0163-5f4a-91e3-07510f9f4fcd" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7255-L7267" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7255-L7267" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aa63ffb27bde8d03d00dda04421237ae" logic_hash = "075f3377a9b90c6c1ba74682415b9c0832a839afe647fa6d3c85d4e987618405" score = 75 
@@ -338277,11 +338865,11 @@ rule SIGNATURE_BASE_FSO_S_Sincap description = "Webshells Auto-generated - file sincap.php" author = "Florian Roth (Nextron Systems)" id = "fcee20a3-e71b-5f69-ac67-8660fd270703" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7268-L7280" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7268-L7280" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dc5c2c2392b84a1529abd92e98e9aa5b" logic_hash = "705030e93248f5ea6744f78bd7a1816aaa9772880059286b8d686e05b193d4a0" score = 75 @@ -338302,11 +338890,11 @@ rule SIGNATURE_BASE_Phpshell description = "Webshells Auto-generated - file PhpShell.php" author = "Florian Roth (Nextron Systems)" id = "887264d3-5704-5e38-b0a6-44d529258ea2" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7281-L7292" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7281-L7292" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "539baa0d39a9cf3c64d65ee7a8738620" logic_hash = "95b3cedac370bf9b06092035a738722f3ec97e6cbafe3d4f742429a865576ad8" score = 75 
@@ -338326,11 +338914,11 @@ rule SIGNATURE_BASE_Hytop_Devpack_Config description = "Webshells Auto-generated - file config.asp" author = "Florian Roth (Nextron Systems)" id = "da1b8ce1-8b17-53f6-a86b-ad3fe918084e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7293-L7306" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7293-L7306" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b41d0e64e64a685178a3155195921d61" logic_hash = "b2806c30db413bca518943352f233c9d2915356a41eceed5e352b88ee34fbbd3" score = 75 
@@ -338352,11 +338940,11 @@ rule SIGNATURE_BASE_Sendmail description = "Webshells Auto-generated - file sendmail.exe" author = "Florian Roth (Nextron Systems)" id = "dd33c2bb-61bf-57b7-82b9-d864097f7a56" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7307-L7319" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7307-L7319" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "75b86f4a21d8adefaf34b3a94629bd17" logic_hash = "bcca9a9380d2695bc277afc9fa72c24cb26ac44c6fbcc87113b017cfe190bdab" score = 75 @@ -338377,11 +338965,11 @@ rule SIGNATURE_BASE_FSO_S_Zehir4 description = "Webshells Auto-generated - file zehir4.asp" author = "Florian Roth (Nextron Systems)" id = "9f1adcd6-b721-54ef-a20f-c3a353629a40" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7320-L7331" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7320-L7331" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b496a61363d304532bcf52ee21f5d55" logic_hash = "6bcfb1ee40403394bf996ecbe1bb17f9afa0c3ba9e1906881b94bbc785b4a510" score = 75 
@@ -338401,11 +338989,11 @@ rule SIGNATURE_BASE_Hkshell_Hkshell description = "Webshells Auto-generated - file hkshell.exe" author = "Florian Roth (Nextron Systems)" id = "7436cd7c-7027-56dc-bb62-fac0f70c27d8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7332-L7345" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7332-L7345" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "168cab58cee59dc4706b3be988312580" logic_hash = "bee4d4c957ede41c771d690d52ac2fd3655238cc1fc106d30fb2721084b38aa1" score = 75 
@@ -338427,11 +339015,11 @@ rule SIGNATURE_BASE_Imhapftp description = "Webshells Auto-generated - file iMHaPFtp.php" author = "Florian Roth (Nextron Systems)" id = "c810c630-ce08-5059-ad49-f65b244f4d19" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7346-L7357" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7346-L7357" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "12911b73bc6a5d313b494102abcf5c57" logic_hash = "c24bb80a0ae4284b4303450e9103c5dda30c41b41f323641ac1175461f741ced" score = 75 @@ -338451,11 +339039,11 @@ rule SIGNATURE_BASE_Unpack_Tback description = "Webshells Auto-generated - file TBack.dll" author = "Florian Roth (Nextron Systems)" id = "b5f93621-e1e9-5aed-b574-471b4c1f9570" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7358-L7369" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7358-L7369" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a9d1007823bf96fb163ab38726b48464" logic_hash = "0fb43766c305f4235cc0987f411fdc3b3674723687f0b63d346429f4a7b5b87f" score = 75 
@@ -338475,11 +339063,11 @@ rule SIGNATURE_BASE_Darkspy105 description = "Webshells Auto-generated - file DarkSpy105.exe" author = "Florian Roth (Nextron Systems)" id = "9d519ccf-fe52-5b82-a39d-c9f86c1089e1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7370-L7381" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7370-L7381" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f0b85e7bec90dba829a3ede1ab7d8722" logic_hash = "0f1c9dba4525f9c30f309500652ed6af647ddf492f483e101fc23c891e15fc85" score = 75 
@@ -338499,11 +339087,11 @@ rule SIGNATURE_BASE_Editserver_EXE description = "Webshells Auto-generated - file EditServer.exe" author = "Florian Roth (Nextron Systems)" id = "97928144-0112-5288-8f95-acf7a0d56e71" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7382-L7395" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7382-L7395" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f945de25e0eba3bdaf1455b3a62b9832" logic_hash = "d440669b0c0bf575cf9dea946edf55f724300a4c765e90c631fc1eee062bf006" score = 75 
@@ -338525,11 +339113,11 @@ rule SIGNATURE_BASE_FSO_S_Reader description = "Webshells Auto-generated - file reader.asp" author = "Florian Roth (Nextron Systems)" id = "d596f7f4-5b0d-5f17-94d3-2582ec041eb1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7396-L7407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7396-L7407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b598c8b662f2a1f6cc61f291fb0a6fa2" logic_hash = "89a948f8da66173965884cd525615c8eeb91cf98a4984c05be7472034bb72f76" score = 75 @@ -338549,11 +339137,11 @@ rule SIGNATURE_BASE_ASP_Cmdasp description = "Webshells Auto-generated - file CmdAsp.asp" author = "Florian Roth (Nextron Systems)" id = "e4b48843-1936-5717-b2b6-add5b4a14d04" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7408-L7421" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7408-L7421" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "79d4f3425f7a89befb0ef3bafe5e332f" logic_hash = "84c3148fe74b1afaa6e3bbff0aca8df1f1775759a36a673cc13d35ef7658929c" score = 75 
@@ -338575,11 +339163,11 @@ rule SIGNATURE_BASE_KA_Ushell description = "Webshells Auto-generated - file KA_uShell.php" author = "Florian Roth (Nextron Systems)" id = "34e220db-2fb5-59dc-b5e8-d88f844d3977" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7422-L7434" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7422-L7434" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "685f5d4f7f6751eaefc2695071569aab" logic_hash = "58d25e19e2e14a909b4b623a85dfd8c62974121d3b23574d1e94b62385e42b45" score = 75 
@@ -338600,11 +339188,11 @@ rule SIGNATURE_BASE_PHP_Backdoor_V1 description = "Webshells Auto-generated - file PHP Backdoor v1.php" author = "Florian Roth (Nextron Systems)" id = "f47298a9-a47c-5088-ab1f-1bd76bfd0ca8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7435-L7448" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7435-L7448" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0506ba90759d11d78befd21cabf41f3d" logic_hash = "396ae1ee34a06ab4863f4f54257a9020b8747fb99dff15372f0aa54fa4598e43" score = 75 
@@ -338625,11 +339213,11 @@ rule SIGNATURE_BASE_Svchostdll description = "Webshells Auto-generated - file svchostdll.dll" author = "Florian Roth (Nextron Systems)" id = "b369d702-1f29-56ec-a742-f87d9c42c775" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7449-L7468" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7449-L7468" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0f6756c8cb0b454c452055f189e4c3f4" logic_hash = "4a7a7bb7d827c2e7801f8c33b292bb3d312428fc4ae79f07e103f456984c3b83" score = 75 
@@ -338657,11 +339245,11 @@ rule SIGNATURE_BASE_Hytop_Devpack_Server description = "Webshells Auto-generated - file server.asp" author = "Florian Roth (Nextron Systems)" id = "0e4fee1b-8a16-5738-9600-fa965f8c84c2" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7469-L7480" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7469-L7480" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1d38526a215df13c7373da4635541b43" logic_hash = "66b8513a532f64af535c948da28674795ae6495b9844165c3b039bf61c25eb46" score = 75 
@@ -338681,11 +339269,11 @@ rule SIGNATURE_BASE_Vanquish description = "Webshells Auto-generated - file vanquish.dll" author = "Florian Roth (Nextron Systems)" id = "143e5e46-ffbc-5aee-9f9b-13374a6c3c10" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7481-L7494" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7481-L7494" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "684450adde37a93e8bb362994efc898c" logic_hash = "223c59d06a9389f380fa29959c54e53a17b53080f704189ae519b9527b2c6384" score = 75 @@ -338707,11 +339295,11 @@ rule SIGNATURE_BASE_Winshell description = "Webshells Auto-generated - file winshell.exe" author = "Florian Roth (Nextron Systems)" id = "24edd03a-df71-5d84-9764-ba7903b68064" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7495-L7514" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7495-L7514" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3144410a37dd4c29d004a814a294ea26" logic_hash = "addbfa598039af09c0e4c50138fcfabd16c35c5516259cf9595cf49855da518d" score = 75 
@@ -338739,11 +339327,11 @@ rule SIGNATURE_BASE_FSO_S_Remview description = "Webshells Auto-generated - file remview.php" author = "Florian Roth (Nextron Systems)" id = "5040ddbc-2e61-50ca-b738-a4ac8feec3f1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7515-L7528" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7515-L7528" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b4a09911a5b23e00b55abe546ded691c" logic_hash = "19719e8c9215ec9ba9fab55b604907e0a6d0a0507a5662926acff1e9dc03440e" score = 75 
@@ -338765,11 +339353,11 @@ rule SIGNATURE_BASE_Saphpshell description = "Webshells Auto-generated - file saphpshell.php" author = "Florian Roth (Nextron Systems)" id = "42bcd739-714e-5dbf-a3a1-929f3d16ed6f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7529-L7540" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7529-L7540" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d7bba8def713512ddda14baf9cd6889a" logic_hash = "24d558292a709bb29334b1acdc53cdb6c5bc6803caec527edcacd6a19f6dc7c9" score = 75 
@@ -338789,11 +339377,11 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006Z description = "Webshells Auto-generated - file 2006Z.exe" author = "Florian Roth (Nextron Systems)" id = "bda89055-27f5-50b7-86a3-2c75a5f3eadc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7541-L7553" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7541-L7553" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fd1b6129abd4ab177fed135e3b665488" logic_hash = "4b427132541cd26ee47c387a98f6f46f86808f9a775068e1d114c9ef4abca9f6" score = 75 
@@ -338814,11 +339402,11 @@ rule SIGNATURE_BASE_Admin_Ad description = "Webshells Auto-generated - file admin-ad.asp" author = "Florian Roth (Nextron Systems)" id = "7d87b4f6-3227-53cb-803c-4f9c7327f203" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7554-L7566" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7554-L7566" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e6819b8f8ff2f1073f7d46a0b192f43b" logic_hash = "0febd10979a959af73332a8e064a510e949109abf863b5fd0fef19b635968d1d" score = 75 
@@ -338839,11 +339427,11 @@ rule SIGNATURE_BASE_FSO_S_Casus15 description = "Webshells Auto-generated - file casus15.php" author = "Florian Roth (Nextron Systems)" id = "305842e4-26ad-573d-8df3-e32e239e434b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7567-L7578" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7567-L7578" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8d155b4239d922367af5d0a1b89533a3" logic_hash = "58921290952f23ff5b828d8c92c818ebd91b726cdbbc9137b0f55a0e5ca90636" score = 75 
@@ -338863,11 +339451,11 @@ rule SIGNATURE_BASE_BIN_Client description = "Webshells Auto-generated - file Client.exe" author = "Florian Roth (Nextron Systems)" id = "515ab1b3-7923-55de-8c19-71ef5d9b4366" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7579-L7595" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7579-L7595" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9f0a74ec81bc2f26f16c5c172b80eca7" logic_hash = "e1277f6b7adc2e832a3aad96c7e44796596d2e61eb9247977da3c3569777e0b2" score = 75 
@@ -338892,11 +339480,11 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Uptime description = "Webshells Auto-generated - file uptime.exe" author = "Florian Roth (Nextron Systems)" id = "4f649757-9502-5640-bc17-11cad6c779f4" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7596-L7611" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7596-L7611" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d1f56102bc5d3e2e37ab3ffa392073b9" logic_hash = "5d91dda859a63a965250bd4d76565c6adf18e4ee306be3b91965e5d35bc521e8" score = 75 
@@ -338920,11 +339508,11 @@ rule SIGNATURE_BASE_Simple_PHP_Backdoor description = "Webshells Auto-generated - file Simple_PHP_BackDooR.php" author = "Florian Roth (Nextron Systems)" id = "bd7c19b9-e035-5e70-b626-1d210cadc055" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7612-L7625" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7612-L7625" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a401132363eecc3a1040774bec9cb24f" logic_hash = "9739217c23f583452fbf1d7a8e20b2f1379ebf430e0a4fd73ad62e88d544670a" score = 75 
@@ -338946,11 +339534,11 @@ rule SIGNATURE_BASE_Sig_2005Gray description = "Webshells Auto-generated - file 2005Gray.asp" author = "Florian Roth (Nextron Systems)" id = "978fb04e-517d-51cf-98ca-5fd6b421365e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7626-L7640" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7626-L7640" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "75dbe3d3b70a5678225d3e2d78b604cc" logic_hash = "927ed5cdaa14b6cd63a6ca7d7bec6635b69fa19d88808890e7d198fb7a0b57b4" score = 75 
@@ -338973,11 +339561,11 @@ rule SIGNATURE_BASE_Dllinjection description = "Webshells Auto-generated - file DllInjection.exe" author = "Florian Roth (Nextron Systems)" id = "8a57e122-fd00-57f3-94db-736c5bfd76db" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7641-L7652" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7641-L7652" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a7b92283a5102886ab8aee2bc5c8d718" logic_hash = "6e01ae1cc8a91a5e0d22bdf477aa72bf0116dbe31752a069b1e34d8a09ec6213" score = 75 
@@ -338997,11 +339585,11 @@ rule SIGNATURE_BASE_Mithril_V1_45_Mithril description = "Webshells Auto-generated - file Mithril.exe" author = "Florian Roth (Nextron Systems)" id = "3c160017-0332-532a-bb7f-390a4a34dc4e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7653-L7665" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7653-L7665" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f1484f882dc381dde6eaa0b80ef64a07" logic_hash = "a3e74bfb34762553eccaddd745d9e17dc3a5a25201e4bc9e2ea9a49342295c78" score = 75 
@@ -339022,11 +339610,11 @@ rule SIGNATURE_BASE_Hkshell_Hkrmv description = "Webshells Auto-generated - file hkrmv.exe" author = "Florian Roth (Nextron Systems)" id = "986fad12-9198-5e0a-88d6-a9be6963ff8c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7666-L7678" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7666-L7678" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bd3a0b7a6b5536f8d96f50956560e9bf" logic_hash = "f1da0778456272e6d93633a564018bdf0fa74f1db1c9e963a03a59c69c752b6e" score = 75 
@@ -339047,12 +339635,12 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_1 description = "Webshells Auto-generated - file phpshell.php" author = "Florian Roth (Nextron Systems)" id = "d0107af3-e484-54cf-a238-dd1e71efd3f6" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" old_rule_name = "phpshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7679-L7693" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7679-L7693" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1dccb1ea9f24ffbd085571c88585517b" logic_hash = "eed450ae6668bbee01ea2689e9864f10a66714ec4c91afabb12609ad4ebdac8c" score = 75 
@@ -339074,11 +339662,11 @@ rule SIGNATURE_BASE_FSO_S_Cmd description = "Webshells Auto-generated - file cmd.asp" author = "Florian Roth (Nextron Systems)" id = "f7a74f21-aec9-5ee7-a80e-0fe34b977a71" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7694-L7706" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7694-L7706" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cbe8e365d41dd3cd8e462ca434cf385f" logic_hash = "43f3379a57210f0e3b70575313115a7ba3d71359de7c5ac9a6a178b93af3545e" score = 75 
@@ -339099,11 +339687,11 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Phpft description = "Webshells Auto-generated - file phpft.php" author = "Florian Roth (Nextron Systems)" id = "00bc690b-4977-5076-a40a-edd39c37233f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7707-L7719" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7707-L7719" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "60ef80175fcc6a879ca57c54226646b1" logic_hash = "741536acafdc4da618d69bdae2f0a3e8c004a4027cc76c796158ee111c006414" score = 75 
@@ -339124,11 +339712,11 @@ rule SIGNATURE_BASE_FSO_S_Indexer description = "Webshells Auto-generated - file indexer.asp" author = "Florian Roth (Nextron Systems)" id = "fba053d7-5413-563f-8c27-0554349500b2" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7720-L7731" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7720-L7731" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "135fc50f85228691b401848caef3be9e" logic_hash = "a1bfba9c24819f5c1574aa179d853a6cc2fcf58c7b9a14eeab2639248178549c" score = 75 
@@ -339148,11 +339736,11 @@ rule SIGNATURE_BASE_R57Shell description = "Webshells Auto-generated - file r57shell.php" author = "Florian Roth (Nextron Systems)" id = "1f1070e8-e82c-5cae-a64a-cd5028adae97" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7732-L7743" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7732-L7743" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8023394542cddf8aee5dec6072ed02b5" logic_hash = "40ff6bceb3f9bd95fbf5e75681fadadaa64243007e10fcc86bb909282b8161c5" score = 75 @@ -339172,11 +339760,11 @@ rule SIGNATURE_BASE_Bdcli100 description = "Webshells Auto-generated - file bdcli100.exe" author = "Florian Roth (Nextron Systems)" id = "c74e8822-9556-5596-a130-c6e0120d7103" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7744-L7756" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7744-L7756" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b12163ac53789fb4f62e4f17a8c2e028" logic_hash = "48c70413c71d5a84f8cea48c77935b7cc26d9e1348d7ab257de4540d69f0f817" score = 75 
@@ -339197,11 +339785,11 @@ rule SIGNATURE_BASE_Hytop_Devpack_2005Red description = "Webshells Auto-generated - file 2005Red.asp" author = "Florian Roth (Nextron Systems)" id = "963effd9-f31d-5238-9419-b5dd11822e56" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7757-L7770" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7757-L7770" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d8ccda2214b3f6eabd4502a050eb8fe8" logic_hash = "716b6faa8d1216f592d63b658cdd65d7be0226bf746b5fdf1827bdf881562711" score = 75 
@@ -339223,11 +339811,11 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006X2 description = "Webshells Auto-generated - file 2006X2.exe" author = "Florian Roth (Nextron Systems)" id = "bda89055-27f5-50b7-86a3-2c75a5f3eadc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7771-L7783" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7771-L7783" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cc5bf9fc56d404ebbc492855393d7620" logic_hash = "0df587ccaf41d11c6be90ef631ce8b21f95f08fa8f71e62463c378455b312f4a" score = 75 
@@ -339248,11 +339836,11 @@ rule SIGNATURE_BASE_Rdrbs084 description = "Webshells Auto-generated - file rdrbs084.exe" author = "Florian Roth (Nextron Systems)" id = "97548273-6894-5c9f-8cca-d966ce770ada" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7784-L7796" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7784-L7796" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ed30327b255816bdd7590bf891aa0020" logic_hash = "8a743d62723c4a5f863f986edd4b149728680b40d6a4b9a99b093d62ccb70cf8" score = 75 
@@ -339273,11 +339861,11 @@ rule SIGNATURE_BASE_Hytop_Caseswitch_2005 description = "Webshells Auto-generated - file 2005.exe" author = "Florian Roth (Nextron Systems)" id = "0f2b8e71-1c11-5efe-bee7-146168aec369" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7797-L7815" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7797-L7815" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8bf667ee9e21366bc0bd3491cb614f41" logic_hash = "0ecf28b5abb918cd1d8f38b76019dddf19dff5dbb114f16ef6ec9b46cb590a46" score = 75 
@@ -339304,11 +339892,11 @@ rule SIGNATURE_BASE_Ebayid_Index3 description = "Webshells Auto-generated - file index3.php" author = "Florian Roth (Nextron Systems)" id = "4fc30150-7b44-53c4-888c-faf651495407" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7816-L7827" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7816-L7827" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0412b1e37f41ea0d002e4ed11608905f" logic_hash = "47660cb71d6787683e51aa14fc0f4a9d6f1c59517b77bfe4135098a0020ded11" score = 75 
@@ -339328,11 +339916,11 @@ rule SIGNATURE_BASE_FSO_S_Phvayv description = "Webshells Auto-generated - file phvayv.php" author = "Florian Roth (Nextron Systems)" id = "07e027a6-01a5-5250-a35e-fbfef1449cfe" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7828-L7839" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7828-L7839" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "205ecda66c443083403efb1e5c7f7878" logic_hash = "d0482607f7d9cf6c89963cb9b1f943fa0b80636e857e0fb044cd9a0b3f974deb" score = 75 
@@ -339352,11 +339940,11 @@ rule SIGNATURE_BASE_Byshell063_Ntboot description = "Webshells Auto-generated - file ntboot.exe" author = "Florian Roth (Nextron Systems)" id = "7d1f39f6-04f1-51ee-b125-c35af8ae4c0c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7840-L7854" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7840-L7854" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "99b5f49db6d6d9a9faeffb29fd8e6d8c" logic_hash = "2fdc930eacb87d02ebe69a2b64df4103bd0f3417a76f1b2922b3d4cd4c0dffe9" score = 75 
@@ -339379,11 +339967,11 @@ rule SIGNATURE_BASE_FSO_S_Casus15_2 description = "Webshells Auto-generated - file casus15.php" author = "Florian Roth (Nextron Systems)" id = "d3f67fe9-a93f-504a-8b14-a815135d562f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7855-L7866" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7855-L7866" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8d155b4239d922367af5d0a1b89533a3" logic_hash = "45820e0398cca8e75fc4acf6863d962a817afd95a4592acd4ac4a50029684220" score = 75 
@@ -339403,11 +339991,11 @@ rule SIGNATURE_BASE_Installer description = "Webshells Auto-generated - file installer.cmd" author = "Florian Roth (Nextron Systems)" id = "681d8284-55e5-5316-a0d2-f4f13218df76" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7867-L7879" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7867-L7879" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a507919ae701cf7e42fa441d3ad95f8f" logic_hash = "73c1032313155ceb752fe2f94c8d242833127fe0443d7e3044fa1de2b2b7742b" score = 75 
@@ -339428,11 +340016,11 @@ rule SIGNATURE_BASE_FSO_S_Remview_2 description = "Webshells Auto-generated - file remview.php" author = "Florian Roth (Nextron Systems)" id = "8e0492e8-d683-5c2d-b1ce-6c8344b874af" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7880-L7892" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7880-L7892" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b4a09911a5b23e00b55abe546ded691c" logic_hash = "0a682431f7044e9a49c8dd4842a22c521e2a07d5df045b0a12449e3b3206716b" score = 75 
@@ -339453,11 +340041,11 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_R57 description = "Webshells Auto-generated - file r57.php" author = "Florian Roth (Nextron Systems)" id = "14092413-27a4-5b7d-9023-0b53b3d45a12" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7893-L7904" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7893-L7904" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "903908b77a266b855262cdbce81c3f72" logic_hash = "8d0f3b2009594d4aa413c4794dca12e3c66a19974cc6d0b47cc3f5e2572a4c57" score = 75 
@@ -339477,11 +340065,11 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006X description = "Webshells Auto-generated - file 2006X.exe" author = "Florian Roth (Nextron Systems)" id = "bda89055-27f5-50b7-86a3-2c75a5f3eadc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7905-L7917" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7905-L7917" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cf3ee0d869dd36e775dfcaa788db8e4b" logic_hash = "b71cf90900c7eae4caef57564292ca497a2c6c77e3de2994ba9e4cecae7f2697" score = 75 
@@ -339502,11 +340090,11 @@ rule SIGNATURE_BASE_FSO_S_Phvayv_2 description = "Webshells Auto-generated - file phvayv.php" author = "Florian Roth (Nextron Systems)" id = "8bd52f9b-a232-566d-90ab-4085933cdc65" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7918-L7929" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7918-L7929" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "205ecda66c443083403efb1e5c7f7878" logic_hash = "11418a11692412ccb309983bdadd9bda2b27b692c3282eb0386094e76c7ba1e0" score = 75 
@@ -339526,11 +340114,11 @@ rule SIGNATURE_BASE_Elmaliseker description = "Webshells Auto-generated - file elmaliseker.asp" author = "Florian Roth (Nextron Systems)" id = "7ecf3d5c-be91-579e-905b-5f2ad03a0e42" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7930-L7942" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7930-L7942" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ccf48af0c8c09bbd038e610a49c9862e" logic_hash = "54c0b8e74a9b10fe54901c0595600af1dfc54abd3f710fc20ca87ca92236bb49" score = 75 
@@ -339551,11 +340139,11 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Resolve description = "Webshells Auto-generated - file resolve.exe" author = "Florian Roth (Nextron Systems)" id = "dcdb9952-63fc-57a7-ae17-ffe8ac4271f1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7943-L7960" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7943-L7960" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "69bf9aa296238610a0e05f99b5540297" logic_hash = "39d8ac274e94f13b5eb197be5827a95ac09df70793bd584c96b81983a565c1ce" score = 75 
@@ -339581,11 +340169,11 @@ rule SIGNATURE_BASE_FSO_S_Remexp description = "Webshells Auto-generated - file RemExp.asp" author = "Florian Roth (Nextron Systems)" id = "48a262bf-7f48-5ed9-b043-80e9d563bf21" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7961-L7974" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7961-L7974" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b69670ecdbb40012c73686cd22696eeb" logic_hash = "b9b966a89ab097494d7af90775bf124f1310c77145be67fa57ebdacd0164e3d0" score = 75 @@ -339607,11 +340195,11 @@ rule SIGNATURE_BASE_FSO_S_Tool description = "Webshells Auto-generated - file tool.asp" author = "Florian Roth (Nextron Systems)" id = "ed744aa4-7a35-57d6-89bd-3286a21b50a0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7975-L7986" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7975-L7986" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3a1e1e889fdd974a130a6a767b42655b" logic_hash = "a3449aca3124aa4d920d78e5e674ddd9d8a181b0ce0143032352a69dfdbcad2d" score = 75 
@@ -339631,11 +340219,11 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_2005 description = "Webshells Auto-generated - file 2005.asp" author = "Florian Roth (Nextron Systems)" id = "91d278d5-e9ec-5a28-9a54-4549b4f0cd07" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L7987-L7999" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L7987-L7999" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "97f2552c2fafc0b2eb467ee29cc803c8" logic_hash = "4d04174b23c9057acf2618c01cd702eaaec2d3508a8c25dd87fdd320c076a3b1" score = 75 
@@ -339656,11 +340244,11 @@ rule SIGNATURE_BASE_Byloader description = "Webshells Auto-generated - file byloader.exe" author = "Florian Roth (Nextron Systems)" id = "24940e4b-06eb-548d-9e14-1a8f9c864bd3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8000-L8015" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8000-L8015" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0f0d6dc26055653f5844ded906ce52df" logic_hash = "66c900e4bc771fb23d7623e57ad51edaa95696c2e31554720582f3e33a1b2e25" score = 75 
@@ -339684,11 +340272,11 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Fport description = "Webshells Auto-generated - file Fport.exe" author = "Florian Roth (Nextron Systems)" id = "664e7b19-4d0b-5062-97d2-0eb34869024d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8016-L8028" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8016-L8028" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dbb75488aa2fa22ba6950aead1ef30d5" logic_hash = "b9dc66e249c0577839cc3748f129c343d2ccb7327b92a2a67e4467782d10a25e" score = 75 
@@ -339709,11 +340297,11 @@ rule SIGNATURE_BASE_Backdoor__Fr_ description = "Webshells Auto-generated - file BackDooR (fr).php" author = "Florian Roth (Nextron Systems)" id = "fd0c77e8-18b7-5eb4-8ed4-87ee4c864683" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8029-L8040" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8029-L8040" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a79cac2cf86e073a832aaf29a664f4be" logic_hash = "6c16c200712015eed71aeb119e46bad5f93445a8f719d98ef31f9012cb3551ae" score = 75 
@@ -339733,11 +340321,11 @@ rule SIGNATURE_BASE_FSO_S_Ntdaddy description = "Webshells Auto-generated - file ntdaddy.asp" author = "Florian Roth (Nextron Systems)" id = "b6b655b8-7bce-5fa5-97b7-a020a7e53f4f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8041-L8052" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8041-L8052" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f6262f3ad9f73b8d3e7d9ea5ec07a357" logic_hash = "4df6f53ee9bfc0214e69dd858878026e962b90573ed48a5ffdd5523538e8f3bf" score = 75 
@@ -339757,11 +340345,11 @@ rule SIGNATURE_BASE_Nstview_Nstview description = "Webshells Auto-generated - file nstview.php" author = "Florian Roth (Nextron Systems)" id = "00df601c-bddb-5da8-bef4-d2122419b5d0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8053-L8064" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8053-L8064" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3871888a0c1ac4270104918231029a56" logic_hash = "2b25e22d86a672af0b8957f1b0336ed80e09f3389f5045c230af2372db0e3415" score = 75 
@@ -339781,11 +340369,11 @@ rule SIGNATURE_BASE_Hytop_Devpack_Upload description = "Webshells Auto-generated - file upload.asp" author = "Florian Roth (Nextron Systems)" id = "43054993-b0dd-5d2e-9890-db1f47759be5" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8065-L8076" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8065-L8076" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b09852bda534627949f0259828c967de" logic_hash = "312020a72a37adb0111ac6d61810c8e476be39dc6456e80e83cd6a680e8ea051" score = 75 
@@ -339805,11 +340393,11 @@ rule SIGNATURE_BASE_Passwordreminder description = "Webshells Auto-generated - file PasswordReminder.exe" author = "Florian Roth (Nextron Systems)" id = "642033ee-4454-5913-8348-4d1579fc0bd8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8077-L8088" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8077-L8088" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ea49d754dc609e8bfa4c0f95d14ef9bf" logic_hash = "f3da5381f5e352c541654d2af918ca8cea8049d137078670dd0538a4d13f676e" score = 75 
@@ -339829,11 +340417,11 @@ rule SIGNATURE_BASE_Pack_Injectt description = "Webshells Auto-generated - file InjectT.exe" author = "Florian Roth (Nextron Systems)" id = "3a640c22-0cd4-5ab1-9216-c68625d7d505" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8089-L8104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8089-L8104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "983b74ccd57f6195a0584cdfb27d55e8" logic_hash = "9f66b7b429ed585888c0fb4943bb12262247b3af8d85bc67309b27752171e66a" score = 75 
@@ -339857,11 +340445,11 @@ rule SIGNATURE_BASE_FSO_S_Remexp_2 description = "Webshells Auto-generated - file RemExp.asp" author = "Florian Roth (Nextron Systems)" id = "501544d5-fe52-5933-8782-516ffe18f3ff" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8105-L8117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8105-L8117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b69670ecdbb40012c73686cd22696eeb" logic_hash = "e31e25a7c2b2e970a379a61d2dac335bd37cac48328eee9f3966ff5c77ef6f18" score = 75 @@ -339882,11 +340470,11 @@ rule SIGNATURE_BASE_FSO_S_C99 description = "Webshells Auto-generated - file c99.php" author = "Florian Roth (Nextron Systems)" id = "0b176370-a5ab-587a-b0e9-ef4fe5c604bd" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8118-L8129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8118-L8129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5f9ba02eb081bba2b2434c603af454d0" logic_hash = "de769299bbd8b895b84db757fcc037b807f7caaa624c06e9d330934a968b2381" score = 75 
@@ -339906,11 +340494,11 @@ rule SIGNATURE_BASE_Rknt_Zip_Folder_Rknt description = "Webshells Auto-generated - file RkNT.dll" author = "Florian Roth (Nextron Systems)" id = "a58a3b33-8096-535a-b930-2eb71347edb8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8130-L8147" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8130-L8147" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5f97386dfde148942b7584aeb6512b85" logic_hash = "59de8a40a7081ee5fbea9f413590237c1da9985f2352b32571529baf38c93ddb" score = 75 
@@ -339936,11 +340524,11 @@ rule SIGNATURE_BASE_Dbgntboot description = "Webshells Auto-generated - file dbgntboot.dll" author = "Florian Roth (Nextron Systems)" id = "6b9381e6-597d-5e74-a318-9931d20a9d08" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8148-L8160" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8148-L8160" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4d87543d4d7f73c1529c9f8066b475ab" logic_hash = "10f86f18aff4995928efb3c8000eca166fe37e6006de7938139cad718ff7653f" score = 75 @@ -339961,11 +340549,11 @@ rule SIGNATURE_BASE_PHP_Shell description = "Webshells Auto-generated - file shell.php" author = "Florian Roth (Nextron Systems)" id = "08dff4db-3b1c-5702-a8c9-efaedf83c4ff" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8161-L8173" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8161-L8173" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "45e8a00567f8a34ab1cccc86b4bc74b9" logic_hash = "a62061b2fa851f5798158198e26f188408f3f37dca69a85ca155777c0b8407ee" score = 75 
@@ -339986,11 +340574,11 @@ rule SIGNATURE_BASE_Hxdef100 description = "Webshells Auto-generated - file hxdef100.exe" author = "Florian Roth (Nextron Systems)" id = "fb376c18-02d2-5866-a0e2-ccb5262091dd" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8174-L8187" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8174-L8187" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "55cc1769cef44910bd91b7b73dee1f6c" logic_hash = "a2002dcddad7ffdbe9614723163016f9357347bb704640d3933ce4513c37d474" score = 75 @@ -340012,11 +340600,11 @@ rule SIGNATURE_BASE_Rdrbs100 description = "Webshells Auto-generated - file rdrbs100.exe" author = "Florian Roth (Nextron Systems)" id = "369e5ce0-984c-54eb-96d4-fbfb4f932ba6" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8188-L8200" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8188-L8200" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7c752bcd6da796d80a6830c61a632bff" logic_hash = "8a427ef9e0ecd0c810913203aaef43647964f33658dfdca8195fce6f0545f8f4" score = 75 
@@ -340037,11 +340625,11 @@ rule SIGNATURE_BASE_Mithril_Mithril description = "Webshells Auto-generated - file Mithril.exe" author = "Florian Roth (Nextron Systems)" id = "81645f57-7d7e-5b4d-b323-744f2cde4916" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8201-L8219" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8201-L8219" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "017191562d72ab0ca551eb89256650bd" logic_hash = "5d19eb4132a0401d226c9cffc927b2838e9c69428746296b55a488d097759587" score = 75 
@@ -340068,11 +340656,11 @@ rule SIGNATURE_BASE_Hxdef100_2 description = "Webshells Auto-generated - file hxdef100.exe" author = "Florian Roth (Nextron Systems)" id = "1f079b73-29de-50cf-868c-1639a43e576f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8220-L8233" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8220-L8233" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b393e2e13b9c57fb501b7cd7ad96b25" logic_hash = "d44131f6c1bfdc36079f474832a79a361dfad96d1b84f7004d682150c93eccc5" score = 75 
@@ -340094,11 +340682,11 @@ rule SIGNATURE_BASE_Release_Dlltest description = "Webshells Auto-generated - file dllTest.dll" author = "Florian Roth (Nextron Systems)" id = "af821252-8409-5572-9014-59e8c5feaacd" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8234-L8254" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8234-L8254" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "76a59fc3242a2819307bb9d593bef2e0" logic_hash = "ba759ae1bbde357085b2b2dfda0780b5a239a44b4e999244e8eceed246090ce3" score = 50 
@@ -340127,11 +340715,11 @@ rule SIGNATURE_BASE_Webadmin description = "Webshells Auto-generated - file webadmin.php" author = "Florian Roth (Nextron Systems)" id = "615d87f8-9094-5994-aea1-d7276623fbca" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8255-L8266" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8255-L8266" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3a90de401b30e5b590362ba2dde30937" logic_hash = "6e215c3d8b8357b839416ee6951f7739387bb94aa1284ea7e827ae2205221294" score = 75 @@ -340151,11 +340739,11 @@ rule SIGNATURE_BASE_Commands description = "Webshells Auto-generated - file commands.asp" author = "Florian Roth (Nextron Systems)" id = "7cffefc7-4f24-5908-82a4-f11eda398377" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8267-L8279" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8267-L8279" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "174486fe844cb388e2ae3494ac2d1ec2" logic_hash = "5251ee090934c8f99a8a2ffef2605593943306937dc56a135a47f1da7e732587" score = 75 
@@ -340176,11 +340764,11 @@ rule SIGNATURE_BASE_Hkdoordll description = "Webshells Auto-generated - file hkdoordll.dll" author = "Florian Roth (Nextron Systems)" id = "c4cfb575-89c3-5a72-8bf5-234d4284fe9d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8280-L8291" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8280-L8291" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b715c009d47686c0e62d0981efce2552" logic_hash = "a3c4d262b59cdf82390c0457810505e9e7a18c9b26ba4524bc368fd2141ec306" score = 75 
@@ -340200,11 +340788,11 @@ rule SIGNATURE_BASE_R57Shell_2 description = "Webshells Auto-generated - file r57shell.php" author = "Florian Roth (Nextron Systems)" id = "d3a3fe11-c9e1-523b-88a3-ddc0c1085d04" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8292-L8303" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8292-L8303" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8023394542cddf8aee5dec6072ed02b5" logic_hash = "5319426928d33b62527efb561c2b7a226a5a473735f501b267e6b3b174972085" score = 75 
@@ -340224,11 +340812,11 @@ rule SIGNATURE_BASE_Mithril_V1_45_Dlltest description = "Webshells Auto-generated - file dllTest.dll" author = "Florian Roth (Nextron Systems)" id = "2aea84b6-1b51-58cd-b52b-c31b1f75d295" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8304-L8317" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8304-L8317" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b9e518aaa62b15079ff6edb412b21e9" logic_hash = "cf1e2ca39ae6b726792bbbaf0f1dd90788a4bb9ba5e3d50c22d75f2b3d4e9e7d" score = 50 
@@ -340250,11 +340838,11 @@ rule SIGNATURE_BASE_Dbgiis6Cli description = "Webshells Auto-generated - file dbgiis6cli.exe" author = "Florian Roth (Nextron Systems)" id = "2bc59a6b-f45c-5e68-a346-ac56e8f2757b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8318-L8330" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8318-L8330" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3044dceb632b636563f66fee3aaaf8f3" logic_hash = "f6de3c9b8fbcca230540d1b41659ab02c9548df69f53fa9d5730ac7bb7dfe88a" score = 75 
@@ -340275,11 +340863,11 @@ rule SIGNATURE_BASE_Remview_2003_04_22 description = "Webshells Auto-generated - file remview_2003_04_22.php" author = "Florian Roth (Nextron Systems)" id = "3088ee27-42a3-5140-98de-ab6f87c7748b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8331-L8342" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8331-L8342" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "17d3e4e39fbca857344a7650f7ea55e3" logic_hash = "2957f6ec7a022ac04759724276f6928625708346903597b0765b5e81207fc6b9" score = 75 
@@ -340299,11 +340887,11 @@ rule SIGNATURE_BASE_FSO_S_Test description = "Webshells Auto-generated - file test.php" author = "Florian Roth (Nextron Systems)" id = "b0cc5a2a-c741-50dd-854f-5a43769e8f47" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8343-L8355" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8343-L8355" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "82cf7b48da8286e644f575b039a99c26" logic_hash = "62613bead716717f116290b1c9eca9aa63eadd280050811e30a54e5d186af2fc" score = 50 @@ -340324,11 +340912,11 @@ rule SIGNATURE_BASE_Debug_Cress description = "Webshells Auto-generated - file cress.exe" author = "Florian Roth (Nextron Systems)" id = "6cf3e43c-bec1-5688-b1d7-8ac48d59153a" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8356-L8368" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8356-L8368" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "36a416186fe010574c9be68002a7286a" logic_hash = "670e236e72d3cb52ea5dba865749baee58a70f8d100db1dd8eddfe3183339181" score = 75 
@@ -340349,11 +340937,11 @@ rule SIGNATURE_BASE_Webshell description = "Webshells Auto-generated - file webshell.php" author = "Florian Roth (Nextron Systems)" id = "393e738a-b4c2-5630-a55f-c3caee4ff75e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8369-L8384" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8369-L8384" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f2f8c02921f29368234bfb4d4622ad19" logic_hash = "e3fdce426d2f6e88d8e9412a3026ea05d027af934763eafe0188602458c2289d" score = 75 @@ -340377,11 +340965,11 @@ rule SIGNATURE_BASE_FSO_S_EFSO_2 description = "Webshells Auto-generated - file EFSO_2.asp" author = "Florian Roth (Nextron Systems)" id = "e88d324c-1dee-5b07-b528-cf760e3ee7a6" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8385-L8397" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8385-L8397" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a341270f9ebd01320a7490c12cb2e64c" logic_hash = "462c713e5d4fb6d0db91b14bfacdca73f780559ba2dad80988c356ee1a3d369d" score = 75 
@@ -340402,11 +340990,11 @@ rule SIGNATURE_BASE_Thelast_Index3 description = "Webshells Auto-generated - file index3.php" author = "Florian Roth (Nextron Systems)" id = "41310217-b9a7-5360-80c4-7d0a3969f848" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8398-L8409" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8398-L8409" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cceff6dc247aaa25512bad22120a14b4" logic_hash = "3700141ca2cf53f49618e2d4cab8866efccdce843921f1733b3d6260b8feea68" score = 75 
@@ -340426,11 +341014,11 @@ rule SIGNATURE_BASE_Adjustcr description = "Webshells Auto-generated - file adjustcr.exe" author = "Florian Roth (Nextron Systems)" id = "4b3d9409-60e8-502a-b37b-1e06d57c9b0b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8410-L8424" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8410-L8424" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "17037fa684ef4c90a25ec5674dac2eb6" logic_hash = "d2a86083ff5cb34a0453f812e2d316c63342e529f00099a8869fa7e0a43321ef" score = 75 
@@ -340453,11 +341041,11 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Xishell description = "Webshells Auto-generated - file xIShell.php" author = "Florian Roth (Nextron Systems)" id = "32a32a9a-8d5f-5b3f-8ff4-560555f0ae1e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8425-L8436" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8425-L8436" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "997c8437c0621b4b753a546a53a88674" logic_hash = "13393bc72477ab9a4ebc16b409de8ed73e086cc41f25f34315d11401b63c2471" score = 75 
@@ -340477,11 +341065,11 @@ rule SIGNATURE_BASE_Hytop_Apppack_2005 description = "Webshells Auto-generated - file 2005.asp" author = "Florian Roth (Nextron Systems)" id = "67c86d16-a962-5502-8c39-0a6e3dc04031" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8437-L8448" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8437-L8448" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "63d9fd24fa4d22a41fc5522fc7050f9f" logic_hash = "0de4800291132efca24b40bebcc895d6873110214c8cbf8384317208e0d9db82" score = 75 
@@ -340501,11 +341089,11 @@ rule SIGNATURE_BASE_Xssshell description = "Webshells Auto-generated - file xssshell.asp" author = "Florian Roth (Nextron Systems)" id = "ef89653c-5814-525a-b04e-4326a80f780c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8449-L8460" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8449-L8460" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8fc0ffc5e5fbe85f7706ffc45b3f79b4" logic_hash = "6b0e602b523f58ec61850b4ba2e69da4fe4bf2833fb45e529785a398445db127" score = 75 
@@ -340525,11 +341113,11 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Usr description = "Webshells Auto-generated - file usr.php" author = "Florian Roth (Nextron Systems)" id = "ab1825fe-96aa-5d97-acd6-eac43a12b237" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8461-L8472" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8461-L8472" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ade3357520325af50c9098dc8a21a024" logic_hash = "f5fd4a4c1b531b23b09505d302dc27d7ba2eb733fcf313c04ba9085b090f7cbe" score = 75 
@@ -340549,11 +341137,11 @@ rule SIGNATURE_BASE_FSO_S_Phpinj description = "Webshells Auto-generated - file phpinj.php" author = "Florian Roth (Nextron Systems)" id = "5d84d518-0e18-517f-890b-e296ac265c50" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8473-L8484" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8473-L8484" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dd39d17e9baca0363cc1c3664e608929" logic_hash = "de4ac200f5426ec4c6fef21d5fbc37281811569a3e71a9bcb6fa51d13eb600a4" score = 75 @@ -340573,11 +341161,11 @@ rule SIGNATURE_BASE_Xssshell_Db description = "Webshells Auto-generated - file db.asp" author = "Florian Roth (Nextron Systems)" id = "94bb2297-95a2-5442-bb16-fb079a29606e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8485-L8496" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8485-L8496" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cb62e2ec40addd4b9930a9e270f5b318" logic_hash = "3fdbaa17c12abef8576bf859065d90f4b6e80c187af734b71b26a1bd5d073e86" score = 75 
@@ -340597,11 +341185,11 @@ rule SIGNATURE_BASE_PHP_Sh description = "Webshells Auto-generated - file sh.php" author = "Florian Roth (Nextron Systems)" id = "08dff4db-3b1c-5702-a8c9-efaedf83c4ff" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8497-L8508" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8497-L8508" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1e9e879d49eb0634871e9b36f99fe528" logic_hash = "da0b572f116cc5c55e8d7469f222896d602d09be4761a0e2139fc8ce67ac4050" score = 75 @@ -340621,11 +341209,11 @@ rule SIGNATURE_BASE_Xssshell_Default description = "Webshells Auto-generated - file default.asp" author = "Florian Roth (Nextron Systems)" id = "1c221572-4cb5-5806-a856-0f857dba230a" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8509-L8520" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8509-L8520" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d156782ae5e0b3724de3227b42fcaf2f" logic_hash = "6a8772a8a6399c3266abcc22a3c55eda70ec9703346398f5f1768bbd35974f8c" score = 75 
@@ -340645,11 +341233,11 @@ rule SIGNATURE_BASE_Editserver_2 description = "Webshells Auto-generated - file EditServer.exe" author = "Florian Roth (Nextron Systems)" id = "bd254bd9-fd23-5807-9347-2a559089b7c5" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8521-L8534" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8521-L8534" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5c1f25a4d206c83cdfb006b3eb4c09ba" logic_hash = "c581936928ce0f1061feb5665c743f14f12a9f875e360f40cc064f3047b23adf" score = 75 
@@ -340671,11 +341259,11 @@ rule SIGNATURE_BASE_By064Cli description = "Webshells Auto-generated - file by064cli.exe" author = "Florian Roth (Nextron Systems)" id = "9ea88f0c-9275-5567-a4d9-0545de8044d1" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8535-L8547" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8535-L8547" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "10e0dff366968b770ae929505d2a9885" logic_hash = "51efd5c510efc6657ae175af47b09437ae70eb0237d88ffdf3cdae365d0ec7be" score = 75 
@@ -340696,11 +341284,11 @@ rule SIGNATURE_BASE_Mithril_Dlltest description = "Webshells Auto-generated - file dllTest.dll" author = "Florian Roth (Nextron Systems)" id = "59a6bfb6-c099-56cd-b40e-3e92ea0eb7d3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8548-L8560" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8548-L8560" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a8d25d794d8f08cd4de0c3d6bf389e6d" logic_hash = "c8c8d1b75ed4eb4bc66a762e53aa6b3ab439e96ef464a8b9ffa4dff887986465" score = 50 
@@ -340721,11 +341309,11 @@ rule SIGNATURE_BASE_Peek_A_Boo description = "Webshells Auto-generated - file peek-a-boo.exe" author = "Florian Roth (Nextron Systems)" id = "f6ca33b5-e37f-5124-a193-a3056c559314" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8561-L8577" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8561-L8577" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aca339f60d41fdcba83773be5d646776" logic_hash = "b103c1b873dd0df9626d72a1127fbadc821777a05012a080423263a2083c398b" score = 75 
@@ -340750,11 +341338,11 @@ rule SIGNATURE_BASE_Fmlibraryv3 description = "Webshells Auto-generated - file fmlibraryv3.asp" author = "Florian Roth (Nextron Systems)" id = "9b8ef79d-80bb-5a05-91e6-0f2bc3fd3068" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8578-L8589" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8578-L8589" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c34c248fed6d5a20d8203924a2088acc" logic_hash = "a7dc83db26cdda757f626c42022c17bb2764074a3cc5f87b4a3aaa991fac5dc2" score = 75 
@@ -340774,11 +341362,11 @@ rule SIGNATURE_BASE_Debug_Dlltest_2 description = "Webshells Auto-generated - file dllTest.dll" author = "Florian Roth (Nextron Systems)" id = "cf81e3de-513c-584d-bc37-6504e91b170c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8590-L8602" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8590-L8602" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1b9e518aaa62b15079ff6edb412b21e9" logic_hash = "bf260ce0f8d4728920679573cd77927b44db28ba6102923707af8d1ad7d0ef2d" score = 50 
@@ -340799,11 +341387,11 @@ rule SIGNATURE_BASE_Connector description = "Webshells Auto-generated - file connector.asp" author = "Florian Roth (Nextron Systems)" id = "e46026bc-c570-5057-a132-5a459c959a69" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8603-L8615" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8603-L8615" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3ba1827fca7be37c8296cd60be9dc884" logic_hash = "b8cadb7aa23a8cdef10e7b1eb05586d6c3e7c398958a80861b6f1ccd4edf1eca" score = 75 
@@ -340824,11 +341412,11 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Hiderun description = "Webshells Auto-generated - file HideRun.exe" author = "Florian Roth (Nextron Systems)" id = "dd71dbef-5b5d-5976-8b95-0f202a4b4795" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8616-L8628" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8616-L8628" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "45436d9bfd8ff94b71eeaeb280025afe" logic_hash = "3a6dea2314800b28e92b59595c8b79c64e66dc66ebfa8f89c2f4028b574b9a91" score = 75 
@@ -340849,11 +341437,11 @@ rule SIGNATURE_BASE_PHP_Shell_V1_7 description = "Webshells Auto-generated - file PHP_Shell_v1.7.php" author = "Florian Roth (Nextron Systems)" id = "7eb69ac3-90bb-5a44-8dcd-e71f5edcf18f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8629-L8640" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8629-L8640" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5978501c7112584532b4ca6fb77cba5" logic_hash = "e03904177309de9ce1afa0b12bf70913b106650c3db5807f9d4ccb91fb2ade77" score = 75 
@@ -340873,11 +341461,11 @@ rule SIGNATURE_BASE_Xssshell_Save description = "Webshells Auto-generated - file save.asp" author = "Florian Roth (Nextron Systems)" id = "f33c7559-e2f7-5223-a0e9-4e1d3bc7f080" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8641-L8653" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8641-L8653" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "865da1b3974e940936fe38e8e1964980" logic_hash = "c53034c6ebc4f01c4573e688f548e71dae944913797b12eb8f22a5ef0a368ccf" score = 75 
@@ -340898,11 +341486,11 @@ rule SIGNATURE_BASE_Screencap description = "Webshells Auto-generated - file screencap.exe" author = "Florian Roth (Nextron Systems)" id = "0c1b71d3-ad54-5230-b1ab-971647e76139" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8654-L8667" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8654-L8667" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "51139091dea7a9418a50f2712ea72aa6" logic_hash = "9be7ec97ef8e9b8838f7931a8fcf8d85b1543a202a7bf34fab9791fc47889cb9" score = 75 
@@ -340924,11 +341512,11 @@ rule SIGNATURE_BASE_FSO_S_Phpinj_2 description = "Webshells Auto-generated - file phpinj.php" author = "Florian Roth (Nextron Systems)" id = "db8f835e-eb13-50f3-a60b-7d8ffcaa5eaa" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8668-L8679" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8668-L8679" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dd39d17e9baca0363cc1c3664e608929" logic_hash = "12af5182b94f01ac4fbdee92c007556aaa7f196aca116575803cedd84b81f3b0" score = 75 
@@ -340948,11 +341536,11 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Zxrecv description = "Webshells Auto-generated - file zxrecv.exe" author = "Florian Roth (Nextron Systems)" id = "9d36541f-dd55-5385-8e2b-598ad78bdf73" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8680-L8697" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8680-L8697" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5d3d12a39f41d51341ef4cb7ce69d30f" logic_hash = "7eef63e45f6902e4f2d5f854b2794df3101a2ef145e2d627263db429c2b728d7" score = 75 
@@ -340978,11 +341566,11 @@ rule SIGNATURE_BASE_FSO_S_Ajan description = "Webshells Auto-generated - file ajan.asp" author = "Florian Roth (Nextron Systems)" id = "03bf98b9-c8c5-5b9f-b0cd-700c5ed58eac" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8698-L8709" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8698-L8709" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "22194f8c44524f80254e1b5aec67b03e" logic_hash = "a7766caae5845ce43cff2212c25fea9a78979d10c79d8c40290b5c1471b101cd" score = 75 @@ -341002,11 +341590,11 @@ rule SIGNATURE_BASE_C99Shell description = "Webshells Auto-generated - file c99shell.php" author = "Florian Roth (Nextron Systems)" id = "ce88027c-ae08-59f3-948d-6f3d58515468" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8710-L8721" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8710-L8721" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "90b86a9c63e2cd346fe07cea23fbfc56" logic_hash = "a0fcc43a80ac4d059aea36da8b4b5a81c99a54f7c66c521697805ae890d66fe8" score = 75 
@@ -341026,11 +341614,11 @@ rule SIGNATURE_BASE_Phpspy_2005_Full description = "Webshells Auto-generated - file phpspy_2005_full.php" author = "Florian Roth (Nextron Systems)" id = "41a0560a-b22e-5028-8ad1-710c5758cb1d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8722-L8733" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8722-L8733" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d1c69bb152645438440e6c903bac16b2" logic_hash = "8561161726a49374a9bc3389fef593e5d68dc437552e06736a235412183bef45" score = 75 
@@ -341050,11 +341638,11 @@ rule SIGNATURE_BASE_FSO_S_Zehir4_2 description = "Webshells Auto-generated - file zehir4.asp" author = "Florian Roth (Nextron Systems)" id = "7de89d22-0230-508a-ac50-f61730ad9f4e" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8734-L8745" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8734-L8745" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b496a61363d304532bcf52ee21f5d55" logic_hash = "bb10f2e28bb375366b9140c06bb242cd13fdb69e67ce72ecae0e50270566f116" score = 75 
@@ -341074,11 +341662,11 @@ rule SIGNATURE_BASE_FSO_S_Indexer_2 description = "Webshells Auto-generated - file indexer.asp" author = "Florian Roth (Nextron Systems)" id = "8ef79a60-fa8c-51ee-bd87-f5467a66099b" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8746-L8757" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8746-L8757" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "135fc50f85228691b401848caef3be9e" logic_hash = "8cf4c8fb1e985adbed2cf20578fcfc14240f6d9fe6062bbe3fe2f895f58bc172" score = 75 
@@ -341098,11 +341686,11 @@ rule SIGNATURE_BASE_Hytop_Devpack_2005 description = "Webshells Auto-generated - file 2005.asp" author = "Florian Roth (Nextron Systems)" id = "963effd9-f31d-5238-9419-b5dd11822e56" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8758-L8771" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8758-L8771" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "63d9fd24fa4d22a41fc5522fc7050f9f" logic_hash = "b312cddff4c5292cc51acc39448c815fede3c9356d7d225c3a08c7124712b3f8" score = 75 
@@ -341124,11 +341712,11 @@ rule SIGNATURE_BASE__Root_040_Zip_Folder_Deploy description = "Webshells Auto-generated - file deploy.exe" author = "Florian Roth (Nextron Systems)" id = "7e592ab2-8a53-59d5-a45d-971398586479" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8772-L8785" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8772-L8785" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2c9f9c58999256c73a5ebdb10a9be269" logic_hash = "9852b105e6a28f5500fc6739b196dd14b9b0b69b1077be4063735380b0699abb" score = 75 
@@ -341149,11 +341737,11 @@ rule SIGNATURE_BASE_By063Cli description = "Webshells Auto-generated - file by063cli.exe" author = "Florian Roth (Nextron Systems)" id = "9b4a4842-e084-53e8-90fb-603ba034b7df" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8786-L8798" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8786-L8798" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "49ce26eb97fd13b6d92a5e5d169db859" logic_hash = "c89159b73232bc8fd7430b3330009f4b3eb25b9511515bc9b4cd433f7a67f30e" score = 75 
@@ -341174,11 +341762,11 @@ rule SIGNATURE_BASE_Icyfox007V1_10_Rar_Folder_Asp description = "Webshells Auto-generated - file asp.asp" author = "Florian Roth (Nextron Systems)" id = "52150b6a-2f60-5e6b-86d1-61bc0aeb4fa8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8799-L8810" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8799-L8810" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2c412400b146b7b98d6e7755f7159bb9" logic_hash = "3cc36668f0a2a6807b59c7da0b6e504b519a616ab63fb9f606eba5dc4a9e7e2f" score = 75 
@@ -341198,11 +341786,11 @@ rule SIGNATURE_BASE_Byshell063_Ntboot_2 description = "Webshells Auto-generated - file ntboot.dll" author = "Florian Roth (Nextron Systems)" id = "9bcb401d-619b-54b8-be51-f0e3b6eb096c" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8812-L8823" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8812-L8823" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cb9eb5a6ff327f4d6c46aacbbe9dda9d" logic_hash = "25df29000bb410c0ba1fec78920124f6eedbc2585541536239522d2b116270ab" score = 75 @@ -341222,11 +341810,11 @@ rule SIGNATURE_BASE_U_Uay description = "Webshells Auto-generated - file uay.exe" author = "Florian Roth (Nextron Systems)" id = "6a670e19-6e53-5b13-aabf-fe74d48b9113" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8824-L8836" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8824-L8836" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "abbc7b31a24475e4c5d82fc4c2b8c7c4" logic_hash = "45e8938ce34fd5a253cee3867aa8c4429c6bf3fcc91098ed9df3f95656bc5f8f" score = 75 
@@ -341247,11 +341835,11 @@ rule SIGNATURE_BASE_Bin_Wuaus description = "Webshells Auto-generated - file wuaus.dll" author = "Florian Roth (Nextron Systems)" id = "50b5323b-d8d1-5350-bf93-8dde3d11fd87" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8837-L8853" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8837-L8853" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "46a365992bec7377b48a2263c49e4e7d" logic_hash = "0509ca39662430c3ababf65ca3a6e9af95250163980829d90eddf5341168c864" score = 75 @@ -341276,11 +341864,11 @@ rule SIGNATURE_BASE_Pwreveal description = "Webshells Auto-generated - file pwreveal.exe" author = "Florian Roth (Nextron Systems)" id = "3d79dd13-9012-56e2-b42a-e6b3e204c601" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8854-L8868" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8854-L8868" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b4e8447826a45b76ca45ba151a97ad50" logic_hash = "01c9582897c65e608d49a151fe9ade97b9a031d7d10f5fd4b4d0c2a3fd83e7b6" score = 75 
@@ -341303,11 +341891,11 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Xwhois description = "Webshells Auto-generated - file xwhois.exe" author = "Florian Roth (Nextron Systems)" id = "8f3b3bb2-5884-584a-8220-b6edbfebc8a3" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8869-L8883" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8869-L8883" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0bc98bd576c80d921a3460f8be8816b4" logic_hash = "75ee56dae5fde75ae4dc4bba835a96016781b747f3cff0dc6d52e665463a6070" score = 75 
@@ -341330,11 +341918,11 @@ rule SIGNATURE_BASE_Vanquish_2 description = "Webshells Auto-generated - file vanquish.exe" author = "Florian Roth (Nextron Systems)" id = "6736cad6-cba1-5b6f-ae05-e2b980280479" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8884-L8895" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8884-L8895" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2dcb9055785a2ee01567f52b5a62b071" logic_hash = "428dc4e6d8bcc888e6f99f69ee9f211aa029d3486b99b9716d09709dc391d9a2" score = 75 
@@ -341354,11 +341942,11 @@ rule SIGNATURE_BASE_Down_Rar_Folder_Down description = "Webshells Auto-generated - file down.asp" author = "Florian Roth (Nextron Systems)" id = "4e0a0e03-4f01-5b58-807c-0934cdda77ab" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8896-L8907" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8896-L8907" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "db47d7a12b3584a2e340567178886e71" logic_hash = "bc666d6333d49a2b01553e1946fc304195193b9be92e26805474e64da61455da" score = 75 
@@ -341378,11 +341966,11 @@ rule SIGNATURE_BASE_Cmdshell description = "Webshells Auto-generated - file cmdShell.asp" author = "Florian Roth (Nextron Systems)" id = "be256fc4-8dc5-58e4-9ca2-5a1df936b8dd" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8908-L8919" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8908-L8919" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8a9fef43209b5d2d4b81dfbb45182036" logic_hash = "5e7c7537b355b162d58b8bce570b1f94a8e6b479856685a245ffaed8f9482680" score = 75 
@@ -341402,11 +341990,11 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Nc description = "Webshells Auto-generated - file nc.exe" author = "Florian Roth (Nextron Systems)" id = "106209fc-f957-5131-825b-8eb7835625e0" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8920-L8934" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8920-L8934" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2cd1bf15ae84c5f6917ddb128827ae8b" logic_hash = "6106758aedb33f8983f387a58fcd815c47f793cd2a7ea3b0ebed13dd1d5b6e83" score = 75 
@@ -341429,11 +342017,11 @@ rule SIGNATURE_BASE_Portlessinst description = "Webshells Auto-generated - file portlessinst.exe" author = "Florian Roth (Nextron Systems)" id = "c641c522-7844-5002-8ae7-4aaf60d1337d" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8935-L8948" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8935-L8948" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "74213856fc61475443a91cd84e2a6c2f" logic_hash = "72ca80de2ad2048d1fcbbffeebd0e4fd7d9d47d6736360674e6a85ef9943abe8" score = 75 
@@ -341455,11 +342043,11 @@ rule SIGNATURE_BASE_Setupbdoor description = "Webshells Auto-generated - file SetupBDoor.exe" author = "Florian Roth (Nextron Systems)" id = "055ff783-fa9f-5037-a3d6-88b58ec1612f" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8949-L8960" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8949-L8960" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "41f89e20398368e742eda4a3b45716b6" logic_hash = "b4b6a0e4b9f8975d769d340a420af37dbc344d32c72447a8c56b05e985e6d806" score = 75 
@@ -341479,11 +342067,11 @@ rule SIGNATURE_BASE_Phpshell_3 description = "Webshells Auto-generated - file phpshell.php" author = "Florian Roth (Nextron Systems)" id = "2f0ddfef-b3b5-592b-a9fb-fae4d825d0af" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8961-L8973" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8961-L8973" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e8693a2d4a2ffea4df03bb678df3dc6d" logic_hash = "b86fa40fd7bbcae86926182882faa226530e44c20bc611b8433a7da7f012106c" score = 75 @@ -341504,11 +342092,11 @@ rule SIGNATURE_BASE_BIN_Server description = "Webshells Auto-generated - file Server.exe" author = "Florian Roth (Nextron Systems)" id = "1625b0ee-5f9f-57d8-8333-f175f46d6c59" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8974-L8990" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8974-L8990" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1d5aa9cbf1429bb5b8bf600335916dcd" logic_hash = "34f9d78e0f61717fae2945e7a833c2c6d59e28035ee95da2c5d32b4e196bc957" score = 75 
@@ -341533,11 +342121,11 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006 description = "Webshells Auto-generated - file 2006.asp" author = "Florian Roth (Nextron Systems)" id = "bda89055-27f5-50b7-86a3-2c75a5f3eadc" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L8991-L9002" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L8991-L9002" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c19d6f4e069188f19b08fa94d44bc283" logic_hash = "536232bbdd21bddb88eefe06a82927abcdd3ed10404c052957896960a6d10932" score = 75 
@@ -341557,11 +342145,11 @@ rule SIGNATURE_BASE_R57Shell_3 description = "Webshells Auto-generated - file r57shell.php" author = "Florian Roth (Nextron Systems)" id = "4129d77c-2981-587b-a83e-8767dc3a48d8" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9003-L9014" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9003-L9014" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "87995a49f275b6b75abe2521e03ac2c0" logic_hash = "0fdca080c7ce57b7bd818a968840aebf3c5c74f188ed062fec794bfadb4e75b0" score = 75 @@ -341581,11 +342169,11 @@ rule SIGNATURE_BASE_Hdconfig description = "Webshells Auto-generated - file HDConfig.exe" author = "Florian Roth (Nextron Systems)" id = "6f743137-e85a-5298-b51e-c8792e507d28" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9015-L9030" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9015-L9030" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7d60e552fdca57642fd30462416347bd" logic_hash = "9001f79db15548cf3ca931d0043d078db7d900ab26093afbf5cd44d0a85800f4" score = 60 
@@ -341609,11 +342197,11 @@ rule SIGNATURE_BASE_FSO_S_Ajan_2 description = "Webshells Auto-generated - file ajan.asp" author = "Florian Roth (Nextron Systems)" id = "a66c34ed-0ae2-5e04-bfc4-c82583c5e066" - date = "2025-07-07" - modified = "2025-07-07" + date = "2025-11-03" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9031-L9043" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9031-L9043" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "22194f8c44524f80254e1b5aec67b03e" logic_hash = "0ac31ee735c94289932369dfba5b408cbf71cc23fd48ce3e09dc7ce640a0d733" score = 75 @@ -341635,10 +342223,10 @@ rule SIGNATURE_BASE_Webshell_And_Exploit_CN_APT_HK : WEBSHELL author = "Florian Roth (Nextron Systems)" id = "eb37a22b-4e8a-5986-bd47-4ef5b4986f47" date = "2014-10-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9045-L9060" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9045-L9060" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec3f1e985585e1bf77a46e971a20cd127064a64467761a5a570548dd63ec57e2" score = 50 quality = 85 
@@ -341660,10 +342248,10 @@ rule SIGNATURE_BASE_JSP_Browser_APT_Webshell author = "Florian Roth (Nextron Systems)" id = "06988b5b-ec8b-5a10-b659-3e846057ea51" date = "2014-10-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9062-L9076" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9062-L9076" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a352bf394f1b4f70218650758db39225a5a505656299405ccd077592d29480a7" score = 60 quality = 85 @@ -341685,10 +342273,10 @@ rule SIGNATURE_BASE_JSP_Jfigueiredo_APT_Webshell author = "Florian Roth (Nextron Systems)" id = "b5080e43-44e2-54fa-b03a-057dc75d14db" date = "2014-12-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "http://ceso.googlecode.com/svn/web/bko/filemanager/Browser.jsp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9078-L9091" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9078-L9091" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7efaca469d09ce7ecba4ed38cb0b07d1b9fc4f45172d2ffb6f5d3259c000fdc5" score = 60 quality = 85 
@@ -341708,10 +342296,10 @@ rule SIGNATURE_BASE_JSP_Jfigueiredo_APT_Webshell_2 author = "Florian Roth (Nextron Systems)" id = "91575627-78c1-5ca1-8180-cc4004df88e8" date = "2014-12-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "http://ceso.googlecode.com/svn/web/bko/filemanager/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9093-L9108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9093-L9108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f7fa5872d8eb4ba1d0b26d966d7650d70b1a10c56945d5a5340b8e1cb5d0f5f0" score = 60 quality = 85 @@ -341733,10 +342321,10 @@ rule SIGNATURE_BASE_Webshell_Insomnia author = "Florian Roth (Nextron Systems)" id = "62ed3695-9ab8-54d4-a9d2-b6270c56ccfb" date = "2014-12-09" - modified = "2025-07-07" + modified = "2025-11-03" reference = "http://www.darknet.org.uk/2014/12/insomniashell-asp-net-reverse-shell-bind-shell/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9110-L9131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9110-L9131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e0cfb2ffaa1491aeaf7d3b4ee840f72d42919d22" logic_hash = "d170c60f94092a38ba4af92283debd059eef2e4c683fd7737ffd60d1a2581d9c" score = 80 
@@ -341764,10 +342352,10 @@ rule SIGNATURE_BASE_Hawkeye_PHP_Panel : FILE author = "Florian Roth (Nextron Systems)" id = "1d185345-6684-538f-954a-45d57a618a7a" date = "2014-12-14" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9133-L9148" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9133-L9148" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e29b6df4e3aa3892b10e68218320ac76cecb5a1bbe6c48f2276014b972cbbdd8" score = 60 quality = 85 @@ -341790,10 +342378,10 @@ rule SIGNATURE_BASE_Soaksoak_Infected_Wordpress author = "Florian Roth (Nextron Systems)" id = "d147af65-72de-50be-9435-bef47eb4842a" date = "2014-12-15" - modified = "2025-07-07" + modified = "2025-11-03" reference = "http://goo.gl/1GzWUX" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9150-L9165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9150-L9165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4cba18a0d14be2795d71a1973265a1742beda57636f64c1974001ecf70e3e91d" score = 60 quality = 85 
@@ -341815,10 +342403,10 @@ rule SIGNATURE_BASE_Pastebin_Webshell author = "Florian Roth (Nextron Systems)" id = "256051ed-da33-52b4-8bfb-ab990648d8fb" date = "2015-01-13" - modified = "2025-07-07" + modified = "2025-11-03" reference = "http://goo.gl/7dbyZs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9167-L9189" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9167-L9189" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e71429e9280c37a90ee77be888ae743a86521d3632afc4eeec480b82a22a1445" score = 70 quality = 85 @@ -341845,10 +342433,10 @@ rule SIGNATURE_BASE_Aspxspy2 author = "Florian Roth (Nextron Systems)" id = "b68e0c98-0136-58d8-a2d6-57abccb1e942" date = "2015-01-24" - modified = "2025-07-07" + modified = "2025-11-03" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9191-L9217" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9191-L9217" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5642387d92139bfe9ae11bfef6bfe0081dcea197" logic_hash = "59c88f8e2542dcde4bf5123147ea2c1ca408925ca966f3f34a4692a3ba7a0935" score = 75 
@@ -341882,10 +342470,10 @@ rule SIGNATURE_BASE_Webshell_27_9_C66_C99 : FILE author = "Florian Roth (Nextron Systems)" id = "4b985ae7-1ae6-5976-9e8d-0d6b5faed75b" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9228-L9253" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9228-L9253" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71ae0a3843151a2eec913f62167b23cf9e0c759b18ebe0759174d3503fb23717" score = 70 quality = 85 @@ -341917,10 +342505,10 @@ rule SIGNATURE_BASE_Webshell_Acid_Antisecshell_3 : FILE author = "Florian Roth (Nextron Systems)" id = "68d59f1e-ef35-586b-805d-1e6e3548d092" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9255-L9287" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9255-L9287" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c8c3fcde7afdafe8ead59e24e432fdd4ccae99f96f67b4be3e5a9cd74ff9b2e7" score = 70 quality = 85 
@@ -341959,10 +342547,10 @@ rule SIGNATURE_BASE_Webshell_C99_4 : FILE author = "Florian Roth (Nextron Systems)" id = "d5035906-df17-5149-92ae-51e6ec05996e" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9289-L9320" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9289-L9320" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa095d8da737e24a913eeadaca2882475366bf5cf0911dd9ff44aaa04871cc0f" score = 70 quality = 85 @@ -342000,10 +342588,10 @@ rule SIGNATURE_BASE_Webshell_R57Shell_2 : FILE author = "Florian Roth (Nextron Systems)" id = "f2298430-1eff-5ed2-abee-3b26b36d16b7" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9322-L9349" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9322-L9349" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2af51c3d181801b14d5dbb3107cd78cf7ab4a590b7967f231ec707b7ee03fa26" score = 70 quality = 85 
@@ -342037,10 +342625,10 @@ rule SIGNATURE_BASE_Webshell_27_9_Acid_C99_Locus7S : FILE author = "Florian Roth (Nextron Systems)" id = "f5f33b64-b815-5e32-8d2e-5e455651ec5d" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9351-L9373" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9351-L9373" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3005c09dfcb1f2e33a09ed73e28ef889c74e1f5daf619dd272e0b9b30cdb0f94" score = 70 quality = 85 @@ -342069,10 +342657,10 @@ rule SIGNATURE_BASE_Webshell_Backdoor_PHP_Agent_R57_Mod_Bizzz_Shell_R57 : FILE author = "Florian Roth (Nextron Systems)" id = "00d3159c-f5d2-5b49-9499-3bb938776858" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9375-L9400" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9375-L9400" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51660ea25d1b2290c0ca30377dbf378cac8d7b7650603f1dbe5b7914c530d5cf" score = 70 quality = 85 
@@ -342104,10 +342692,10 @@ rule SIGNATURE_BASE_Webshell_C100 : FILE author = "Florian Roth (Nextron Systems)" id = "aa8317ff-680d-5b60-b8a9-a77ea58f0ed0" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9402-L9426" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9402-L9426" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cc8c59f70f5ec6c89812b1597e9b864e358593ea5782e359cd483dee1a84b28b" score = 70 quality = 85 @@ -342138,10 +342726,10 @@ rule SIGNATURE_BASE_Webshell_Acidpoison : FILE author = "Florian Roth (Nextron Systems)" id = "6c201221-ca67-57fb-9bc7-fab4fc1da982" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9428-L9451" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9428-L9451" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "31add38bcdc33d5e4b825bfa18ff1a47d5aa5aaeebd8e3adac533c471aa30629" score = 70 quality = 85 
@@ -342171,10 +342759,10 @@ rule SIGNATURE_BASE_Webshell_Acid_Fatalisticz_Fx_Fx_P0Ison_Sh3Ll_X0Rg_Byp4Ss_256 author = "Florian Roth (Nextron Systems)" id = "80f7d202-adb8-5d9c-b176-576e3b9553c1" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9453-L9472" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9453-L9472" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "07cd255247c9a77b1c9b6049a2b96632252ea9572880b10991c6797c14a05d48" score = 70 quality = 85 @@ -342200,10 +342788,10 @@ rule SIGNATURE_BASE_Webshell_Ayyildiz : FILE author = "Florian Roth (Nextron Systems)" id = "cc752958-eb6c-5185-b94c-5fcec833924d" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9474-L9493" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9474-L9493" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8441b7d730e337e002eeb7ae8f489e405409ddbe62f45bbc9a74c935d1d9fe66" score = 70 quality = 85 
@@ -342229,10 +342817,10 @@ rule SIGNATURE_BASE_Webshell_Zehir : FILE author = "Florian Roth (Nextron Systems)" id = "7f8f15a6-1c5b-5c75-b61a-df7b18699f5a" date = "2016-01-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9495-L9514" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9495-L9514" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c8fda66ada3581d2471b322ae65032b68c69b882c29f7469dd2ed78800c9c5f7" score = 70 quality = 85 @@ -342258,10 +342846,10 @@ rule SIGNATURE_BASE_Uploadshell_98038F1Efa4203432349Badabad76D44337319A6 : FILE author = "Florian Roth (Nextron Systems)" id = "f385b091-ce0d-5d5b-8eeb-57e00c8d0210" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9525-L9540" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9525-L9540" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "68f0de84a387a9af1a32dd8d38c66b002e16e1c954a51e6bc307580180faedbf" score = 75 quality = 85 
@@ -342284,10 +342872,10 @@ rule SIGNATURE_BASE_Dkshell_F0772Be3C95802A2D1E7A4A3F5A45Dcdef6997F3 : FILE author = "Florian Roth (Nextron Systems)" id = "161ceca6-f5e8-5bcf-bc31-2a2169b1a1c7" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9542-L9556" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9542-L9556" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "81b0a08d1b9d3640e656a5cd08b79c0a2f940a2db5c2d939d19509f993514e86" score = 75 quality = 85 @@ -342309,10 +342897,10 @@ rule SIGNATURE_BASE_Unknown_8Af033424F9590A15472A23Cc3236E68070B952E : FILE author = "Florian Roth (Nextron Systems)" id = "fcf467b6-f49a-52d0-a57f-9f3cf6d0b25b" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9558-L9573" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9558-L9573" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d7dc9a2a5e0800b5061cb2101d7cda023a6e637f1e7b14054fdb6a0b2cec6084" score = 75 quality = 85 
@@ -342335,10 +342923,10 @@ rule SIGNATURE_BASE_Dkshell_4000Bd83451F0D8501A9Dfad60Dce39E55Ae167D : FILE author = "Florian Roth (Nextron Systems)" id = "804f7229-1440-5a2e-91cd-a58a38b22aa9" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9575-L9593" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9575-L9593" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26d586e32d1b0b7800b4b61f592dadc3dd0583628e4cd3fa4e24e02067077da5" score = 75 quality = 85 @@ -342363,10 +342951,10 @@ rule SIGNATURE_BASE_Webshell_5786D7D9F4B0Df731D79Ed927Fb5A124195Fc901 : FILE author = "Florian Roth (Nextron Systems)" id = "7958e5fc-5ac5-58bc-8128-0a778e99a4e4" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9595-L9609" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9595-L9609" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "348ccdf997965fbea791d835f1dd4e2c16d37a17ff4195e585fa4226f18faad6" score = 75 quality = 85 
@@ -342388,10 +342976,10 @@ rule SIGNATURE_BASE_Webshell_E8Eaf8Da94012E866E51547Cd63Bb996379690Bf : FILE author = "Florian Roth (Nextron Systems)" id = "8fda9b9f-9a72-5123-91d7-0d0aec9e17bc" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9611-L9626" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9611-L9626" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "044491f0b07ef606aa76e70a07d161565f9cecf73e8f9f8db63cacc1c475b056" score = 75 quality = 85 @@ -342414,10 +343002,10 @@ rule SIGNATURE_BASE_Unknown_0F06C5D1B32F4994C3B3Abf8Bb76D5468F105167 : FILE author = "Florian Roth (Nextron Systems)" id = "efd09da2-f232-5a21-99c8-dc2bf00baa73" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9628-L9643" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9628-L9643" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f4bdf8aecd527335c29a8e964c7d8688c3e77419595d3fd10a6cf3704711816" score = 75 quality = 85 
@@ -342440,10 +343028,10 @@ rule SIGNATURE_BASE_Wsoshell_0Bbebaf46F87718Caba581163D4Beed56Ddf73A7 : FILE author = "Florian Roth (Nextron Systems)" id = "92165645-5392-588d-ba2a-5ef6b7499a5a" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9645-L9659" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9645-L9659" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bf5090fb909fea690c8a2af3cca35136eda3b9773976189158c25fb8877cc266" score = 75 quality = 85 @@ -342465,10 +343053,10 @@ rule SIGNATURE_BASE_Webshell_Generic_1609_A : FILE author = "Florian Roth (Nextron Systems)" id = "4b7db4db-8699-5b4d-ab90-ce79f1160984" date = "2016-09-10" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9661-L9676" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9661-L9676" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e5a4bba3a7b1c712203fcc8b85e4089b0ff18a26e96f5a04529616dbfb9de651" score = 75 quality = 85 
@@ -342491,10 +343079,10 @@ rule SIGNATURE_BASE_Nishang_Webshell : FILE author = "Florian Roth (Nextron Systems)" id = "785e6da7-097e-598b-9799-ffe43738d718" date = "2016-09-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/samratashok/nishang" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9678-L9693" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9678-L9693" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b8a3c8e80a4e41e556e2d65df4126d84723ded6ca623302afc4cc328bded346c" score = 75 quality = 85 @@ -342517,10 +343105,10 @@ rule SIGNATURE_BASE_PHP_Webshell_1_Feb17 : FILE author = "Florian Roth (Nextron Systems)" id = "eedf87c9-2dab-530d-b5d8-a4c2ebc87821" date = "2017-02-28" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://isc.sans.edu/diary/Analysis+of+a+Simple+PHP+Backdoor/22127" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9705-L9726" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9705-L9726" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c8576b20ec3f81b3ef0aa5a508c94e07d591d68767cb4598ad10778b4305915d" score = 75 quality = 85 
@@ -342546,10 +343134,10 @@ rule SIGNATURE_BASE_Webshell_Tiny_JSP_2 : FILE author = "Florian Roth (Nextron Systems)" id = "b628c4f9-eb07-592d-834a-5c94e41987da" date = "2015-12-05" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9728-L9740" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9728-L9740" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6fd514df9d53293a8cfd4b9c807f993558e39979592aa221f18cd76079c00fb7" score = 100 quality = 85 @@ -342569,10 +343157,10 @@ rule SIGNATURE_BASE_Wordpress_Config_Webshell_Preprend : FILE author = "Florian Roth (Nextron Systems)" id = "2a432c53-5dee-5a2e-9ccf-9e5d52713af9" date = "2017-06-25" - modified = "2025-07-07" + modified = "2025-11-03" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9752-L9774" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9752-L9774" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "97d7b85fa191380fe8b26ea60c8735a8f7179acc3a496ff0fc0dc5eefde2fe8a" score = 65 quality = 85 
@@ -342595,10 +343183,10 @@ rule SIGNATURE_BASE_PAS_Webshell_Encoded : FILE author = "Florian Roth (Nextron Systems)" id = "6cb547ad-7a97-5c3d-83e1-114ea798ddb8" date = "2017-07-11" - modified = "2025-07-07" + modified = "2025-11-03" reference = "http://blog.talosintelligence.com/2017/07/the-medoc-connection.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9785-L9820" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9785-L9820" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "59f4f8caa60c2367b46f6af1aefa62e03e228b382ff58be3a27dad527a685eca" score = 80 quality = 85 @@ -342628,10 +343216,10 @@ rule SIGNATURE_BASE_ALFA_SHELL : FILE author = "Florian Roth (Nextron Systems)" id = "f0be44ec-bff0-5d01-aabd-df7aa05383e3" date = "2017-09-21" - modified = "2025-07-07" + modified = "2025-11-03" reference = "Internal Research - APT33" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9832-L9850" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9832-L9850" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "651568b2b95c9e5c2b60fb3245e5afe4290235979e3df15bad96ccd08ae234ef" score = 75 quality = 85 
@@ -342657,10 +343245,10 @@ rule SIGNATURE_BASE_Webshell_FOPO_Obfuscation_APT_ON_Nov17_1 : FILE author = "Florian Roth (Nextron Systems)" id = "0122bb03-8ff0-554d-8fee-458f0ddd7664" date = "2017-11-17" - modified = "2025-07-07" + modified = "2025-11-03" reference = "Internal Research - ON" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9852-L9871" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9852-L9871" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c5bc3ee0218d4ce6902e49d7f938264ecd158f1f458e2fcef878f06f003ed08" score = 75 quality = 85 @@ -342683,10 +343271,10 @@ rule SIGNATURE_BASE_Webshell_Jexboss_JSP_1 : FILE author = "Florian Roth (Nextron Systems)" id = "4fe7a20b-dc2b-509b-bcf8-e3bfbbe7431a" date = "2018-11-08" - modified = "2025-07-07" + modified = "2025-11-03" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9873-L9890" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9873-L9890" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f540bbc88bffd0c961837416bd5166fd3cb54b6124ffffbf1cd60e49ab01bd30" score = 75 quality = 85 
@@ -342710,10 +343298,10 @@ rule SIGNATURE_BASE_Webshell_Jexboss_WAR_1 : FILE author = "Florian Roth (Nextron Systems)" id = "0973f6cf-8a5f-5449-812e-36aa6b9939df" date = "2018-11-08" - modified = "2025-07-07" + modified = "2025-11-03" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9892-L9915" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9892-L9915" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ee9cb22496d2e36d215caa9c7e295b41cb8434322a0097bbc3d1a365dce0c156" score = 75 quality = 85 @@ -342744,10 +343332,10 @@ rule SIGNATURE_BASE_Webshell_Tinyasp : FILE author = "Jeff Beley" id = "38b1f61b-e506-59b2-9157-d0345431c429" date = "2019-01-09" - modified = "2025-07-07" + modified = "2025-11-03" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9917-L9928" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9917-L9928" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8b7db89ea623d5bcf14476779df727827cfc752d4c6ba4208445fd7305e6943" score = 75 quality = 83 
@@ -342767,13 +343355,13 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Mar21_1 : FILE author = "Florian Roth (Nextron Systems)" id = "52884135-6b86-5e3e-a866-36a812d5a9af" date = "2021-03-12" - modified = "2025-07-07" + modified = "2025-11-03" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/thor-webshells.yar#L9930-L9955" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" - logic_hash = "acc0d67326d1f764d6fc54681b38f491c55968ec34e40d181426cfcf418eeb21" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/thor-webshells.yar#L9930-L9956" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" + logic_hash = "0c20163871bf424c0b594c4b75d35e782df03761552f792474761c603ddb8478" score = 75 - quality = 83 + quality = 85 tags = "FILE" hash1 = "10b6e82125a2ddf3cc31a238e0d0c71a64f902e0d77171766713affede03174d" hash2 = "170bee832df176aac0a3c6c7d5aa3fee413b4572030a24c994a97e70f6648ffc" @@ -342787,7 +343375,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Mar21_1 : FILE hash10 = "d40b16307d6434c3281374c0e1bbc0f6db388883e7f6266c3c81de0694266882" strings: - $s1 = ".StartInfo.FileName = 'cmd.exe';" ascii fullword + $s1 = ".StartInfo.FileName = 'cmd.exe';" ascii $s2 = "" ascii fullword $s3 = "test\";" ascii fullword 
@@ -342803,8 +343391,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_LNX_Macos_Lockbit_Apr23_1 : FILE date = "2023-04-15" modified = "2023-12-05" reference = "https://twitter.com/malwrhunterteam/status/1647384505550876675?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lockbit_lnx_macos_apr23.yar#L2-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lockbit_lnx_macos_apr23.yar#L2-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d838e8b207b97d7c335dc4066de2c6dc87f7adc9cac31742677edbe85386cf7" score = 85 quality = 85 @@ -342843,8 +343431,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Apr23_1 date = "2023-04-17" modified = "2023-12-05" reference = "https://objective-see.org/blog/blog_0x75.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lockbit_lnx_macos_apr23.yar#L43-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lockbit_lnx_macos_apr23.yar#L43-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd5bffa5571abfd1446b065d26c8c23f00fe1376d505af539c6f37356014a86f" score = 75 quality = 85 
@@ -342871,8 +343459,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Locker_LOG_Apr23_1 date = "2023-04-17" modified = "2023-12-05" reference = "https://objective-see.org/blog/blog_0x75.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lockbit_lnx_macos_apr23.yar#L69-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lockbit_lnx_macos_apr23.yar#L69-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d5f96e601150209382d3f6458863bc79768beb99b587aa8d9ba37cb2c11ef634" score = 75 quality = 85 @@ -342896,8 +343484,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Forensicartifacts_Apr23_1 date = "2023-04-17" modified = "2023-12-05" reference = "https://objective-see.org/blog/blog_0x75.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_lockbit_lnx_macos_apr23.yar#L86-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_lockbit_lnx_macos_apr23.yar#L86-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "81021f8c9aed17c007d7329a598c644a706fa9750818c8974984eefcba8d06c2" score = 75 quality = 85 
@@ -342920,8 +343508,8 @@ rule SIGNATURE_BASE_Beepservice_Hacktool : FILE date = "2016-05-12" modified = "2023-12-05" reference = "https://goo.gl/p32Ozf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_beepservice.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_beepservice.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "176136e8a5ffec258caebf8d6b452b556093c5998414a7c9a4451ad78482f862" score = 85 quality = 85 @@ -342950,8 +343538,8 @@ rule SIGNATURE_BASE_Quasar_RAT_1 : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_quasar_rat.yar#L10-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_quasar_rat.yar#L10-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7cceccb7c283774318f6285b482a422566f4f821eb51d564104205783401931a" score = 75 quality = 85 
@@ -342983,8 +343571,8 @@ rule SIGNATURE_BASE_Quasar_RAT_2 : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_quasar_rat.yar#L35-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_quasar_rat.yar#L35-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b113cb63b0bb75766c905dd3b327b1b2df228733622df8f7517d3daed72432a3" score = 75 quality = 85 @@ -343017,8 +343605,8 @@ rule SIGNATURE_BASE_MAL_Quasarrat_May19_1 : FILE date = "2019-05-27" modified = "2023-01-06" reference = "https://blog.ensilo.com/uncovering-new-activity-by-apt10" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_quasar_rat.yar#L61-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_quasar_rat.yar#L61-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a189bce433c71d45fd7f5d7fc284fc5b35c88a7ec616dd392d0e931165263aca" score = 75 quality = 85 
@@ -343054,8 +343642,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Robinhood_May19_1 : FILE date = "2019-05-15" modified = "2023-12-05" reference = "https://twitter.com/BThurstonCPTECH/status/1128489465327030277" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_robinhood.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_robinhood.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5eef71b94f2488dceff80ec2daba689c12d13b2742ba9ae5ead58711339d6026" score = 75 quality = 85 @@ -343084,8 +343672,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_1 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L10-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L10-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94" logic_hash = "d8044761fa51f2afd16eb096aa9e896483387c47e10ce922f2ef32ebcbd1a520" score = 60 
@@ -343118,8 +343706,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_2 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L36-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L36-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8d80f9ef55324212759f4b6070cb8fce18a008ae9dd8b9598553206654d13a6f" logic_hash = "3a796199a2e9f2711e5fbdc1050234a8f3c09f762bc645f49a705d9f112d9cdc" score = 60 @@ -343149,8 +343737,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_3 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L59-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L59-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0" logic_hash = "16d511412576df2eb6d9646856d37bd94af7648cc602510696b74fa0534e405d" score = 60 
@@ -343181,8 +343769,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_4 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L85-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L85-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45" logic_hash = "4882b7c5f469615436490cd628ee3bb5b0dded43fb556ac6477cdadc6c8eff05" score = 60 @@ -343213,8 +343801,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_5 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L110-L133" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L110-L133" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1604e36ccef5fa221b101d7f043ad7f856b84bf1a80774aa33d91c2a9a226206" logic_hash = "57792a54c96c59a1e9ed961715c72187936aee6f001c2ed4f95ca84e799e9c8c" score = 60 
@@ -343246,8 +343834,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_6 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L135-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L135-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4bd548fe07b19178281edb1ee81c9711525dab03dc0b6676963019c44cc75865" logic_hash = "7dc7f9815f2b2c934ecf93f5813bdb87364b2b9e2a5aebc04f76cfff43e46d30" score = 60 @@ -343270,8 +343858,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_7 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L151-L176" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L151-L176" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c" logic_hash = "8a081932be8fd03c37a87486570a02a31756ba6bd125dbed7da9703197447ea5" score = 60 
@@ -343305,8 +343893,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_9 : FILE date = "2015-07-10" modified = "2023-01-06" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L203-L223" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L203-L223" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e" logic_hash = "2029c94088e075cbcbae8d7d514cfc56add022d8776e59f04824d9ce9fd12794" score = 60 @@ -343334,8 +343922,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_10 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L225-L267" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L225-L267" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1d3bdabb350ba5a821849893dabe5d6056bf7ba1ed6042d93174ceeaa5d6dad7" logic_hash = "b282b6892f9cb6769bf0e302deaa8062fd69bfd51144bc06fc9501fde9537dae" score = 60 
@@ -343381,8 +343969,8 @@ rule SIGNATURE_BASE_APT_MAL_Wildneutron_Javacpl : FILE modified = "2023-01-06" old_rule_name = "WildNeutron_javacpl" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_wildneutron.yar#L272-L300" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_wildneutron.yar#L272-L300" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c9cb6ab956d29df9f59520262ab308a0256747cc3c898979347304950e093098" score = 60 quality = 85 @@ -343413,8 +344001,8 @@ rule SIGNATURE_BASE_APT_IN_TA397_Wmrat : HUNTING date = "2024-11-20" modified = "2025-01-17" reference = "https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta397_dec24.yar#L2-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta397_dec24.yar#L2-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3bf4bbd5564f4381820fb8da5810bd4d9718b5c80a7e8f055961007c6f30da2b" hash = "3e9a08972b8ec9c2e64eeb46ce1db92ae3c40bc8de48d278ba4d436fc3c8b3a4" hash = "40ddb4463be9d8131f363fd78e21d9de5d838a3ec4044526aea45a473d6ddd61" 
@@ -343498,8 +344086,8 @@ rule SIGNATURE_BASE_SUSP_RAR_NTFS_ADS : HUNTING FILE date = "2024-12-17" modified = "2025-01-17" reference = "https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ta397_dec24.yar#L82-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ta397_dec24.yar#L82-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bcca4771e8f940ce8cfcff08284545fec6163df549e1fb589d89ca3fa335f04c" score = 70 quality = 83 @@ -343535,8 +344123,8 @@ rule SIGNATURE_BASE_Trojandownloader : FILE date = "2015-02-11" modified = "2023-12-05" reference = "http://goo.gl/wJ8V1I" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_generic.yar#L4-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_generic.yar#L4-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b8d4280ff6fc9c8e1b9593cbaeb04a29e64a81e" logic_hash = "4911098beea1d348d41d6a38c03b343bb7b8a8090ba664fd4b0747045127c686" score = 60 
@@ -343580,8 +344168,8 @@ rule SIGNATURE_BASE_Ismdoor_Jul17_A2 : FILE date = "2017-08-01" modified = "2023-12-05" reference = "https://twitter.com/Voulnet/status/892104753295110145" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_generic.yar#L54-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_generic.yar#L54-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7944f690be190927c905d3b3c6e26765504af9fcfb445cf70c8899af115d5001" score = 75 quality = 85 @@ -343608,8 +344196,8 @@ rule SIGNATURE_BASE_Unknown_Malware_Sample_Jul17_2 : FILE date = "2017-08-01" modified = "2023-12-05" reference = "https://goo.gl/iqH8CK" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_generic.yar#L73-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_generic.yar#L73-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "966e14331fa89f2cdb5593a0c10227264085ee127deed28341e395ba6845e19d" score = 75 quality = 85 
@@ -343635,8 +344223,8 @@ rule SIGNATURE_BASE_MAL_Unspecified_Jan18_1 : FILE date = "2018-01-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_malware_generic.yar#L91-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_malware_generic.yar#L91-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd4f7247473e04c348b49970ee3a6fd01415f005ac6dc7a79fbf937a693a80f4" score = 75 quality = 85 @@ -343665,8 +344253,8 @@ rule SIGNATURE_BASE_Emissary_APT_Malware_1 : FILE date = "2016-01-02" modified = "2023-12-05" reference = "http://goo.gl/V0epcf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_emissary.yar#L8-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_emissary.yar#L8-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cab20ac0c17dcc5cb9d0c9f4cffe47e5880acd9dee935cb0eb1ef59579a23f17" score = 75 quality = 85 
@@ -343710,8 +344298,8 @@ rule SIGNATURE_BASE_EXPL_Citrix_Netscaler_ADC_Forensicartifacts_CVE_2023_3519_Ju date = "2023-07-21" modified = "2023-12-05" reference = "https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L27-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L27-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "48d4225d0935084003f7a98c554d7c4722a91290dfe190001da52bce332b3f7d" score = 70 quality = 85 @@ -343734,8 +344322,8 @@ rule SIGNATURE_BASE_EXPL_Citrix_Netscaler_ADC_Forensicartifacts_CVE_2023_3519_Ju date = "2023-07-24" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L43-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L43-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e78e1a788503b841ed0f4e5cd415eb35d8911092778120d7fd061ed20820da37" score = 70 quality = 85 
@@ -343762,11 +344350,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Citrix_Netscaler_ADC_Exploitation_Attempt_CVE_2023_ date = "2023-07-27" modified = "2023-12-05" reference = "https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L63-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L63-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ad3164c5b2616b12a513a2bb3736d530769e75fca03346a72351a27b8343b2a" score = 65 - quality = 60 + quality = 85 tags = "CVE-2023-3519" strings: @@ -343785,8 +344373,8 @@ rule SIGNATURE_BASE_WEBSHELL_SECRETSAUCE_Jul23_1 : CVE_2023_3519 FILE date = "2023-07-24" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L79-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L79-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c762d46ae43a3e10453c2ee17039812a06086ac85bdb000cf8308f5196a9dee2" score = 85 quality = 85 
@@ -343812,8 +344400,8 @@ rule SIGNATURE_BASE_APT_MAL_APT27_Rshell_Jul24 : MALWARE RSHELL___SYSUPDATE FILE date = "2024-07-11" modified = "2024-12-12" reference = "https://x.com/bfv_bund/status/1811364839656185985?s=12&t=C0_T_re0wRP_NfKa27Xw9w" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt27_rshell.yar#L2-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt27_rshell.yar#L2-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "be5f6281d722bd07e53acd459c794fe3ae870a05ed8979de4c28d357110617bd" score = 75 quality = 85 @@ -343850,8 +344438,8 @@ rule SIGNATURE_BASE_Shamoon2_Wiper : FILE date = "2016-12-01" modified = "2023-12-05" reference = "https://goo.gl/jKIfGB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shamoon2.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shamoon2.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "245b03d9606f2e391f53a60aa333c6b037aa1f013794d83b761813d54782b885" score = 70 quality = 85 
@@ -343878,8 +344466,8 @@ rule SIGNATURE_BASE_Shamoon2_Comcomp : FILE date = "2016-12-01" modified = "2023-12-05" reference = "https://goo.gl/jKIfGB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shamoon2.yar#L30-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shamoon2.yar#L30-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "edebdbcf17bd9fadc67c7d76839cf569f0ea20127d4e0d216411c35e9ba54208" score = 70 quality = 85 @@ -343905,8 +344493,8 @@ rule SIGNATURE_BASE_Eldos_Rawdisk : FILE date = "2016-12-01" modified = "2023-01-27" reference = "https://goo.gl/jKIfGB" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shamoon2.yar#L50-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shamoon2.yar#L50-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab09371b91ab6889f342c7992108ad374b5ecf67b6c2144a6282670f177d0f15" score = 50 quality = 85 
@@ -343938,8 +344526,8 @@ rule SIGNATURE_BASE_Coreimpact_Sysdll_Exe date = "2014-12-27" modified = "2023-01-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_coreimpact_agent.yar#L6-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_coreimpact_agent.yar#L6-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f89a4d4ae5cca6d69a5256c96111e707" logic_hash = "332b68e797e8ee3e26d797e106ae31e7240585ccb0ea599bebd8ac8f94313eab" score = 70 @@ -343968,8 +344556,8 @@ rule SIGNATURE_BASE_MAL_Avemaria_RAT_Jul19 : FILE date = "2019-07-01" modified = "2023-12-05" reference = "https://twitter.com/abuse_ch/status/1145697917161934856" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_avemaria_rat.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_avemaria_rat.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a848ec579db6a07faeab5c855a56889b4bfeaa2958d0388f7fe8c6dcdea7e457" score = 75 quality = 85 
@@ -343993,8 +344581,8 @@ rule SIGNATURE_BASE_Gen_Python_Pyminifier_Encoded_Payload : FILE date = "2019-12-16" modified = "2023-12-05" reference = "https://github.com/liftoff/pyminifier" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_python_pyminifier_encoded_payload.yar#L1-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_python_pyminifier_encoded_payload.yar#L1-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "01df8765ea35db382d1dd67a502bf1d9647d8fe818ec31abff41c7e41c2816c0" hash = "15d201152a9465497a0f9dd6939e48315b358702c5e2a3c506ad436bb8816da7" hash = "ab91f76394ddf866cc0b315d862a19b57ded93be5dfc2dd0a81e6a43d0c5f301" @@ -344025,8 +344613,8 @@ rule SIGNATURE_BASE_Irontiger_Aspxspy : HIGHVOL date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L1-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L1-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6b5830d3fd6aa346b27788cd4abd581b4724fecc4e880b14dd7b1dd27ef1eea3" score = 75 quality = 85 
@@ -344048,8 +344636,8 @@ rule SIGNATURE_BASE_Irontiger_Changeport_Toolkit_Driversinstall : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L15-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L15-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ae32596da4f98a0ec2556c2cd87fc7a0f85c37ce96c7163664f2e8cc3ec498d" score = 75 quality = 85 @@ -344073,8 +344661,8 @@ rule SIGNATURE_BASE_Irontiger_Changeport_Toolkit_Changeportexe : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L31-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L31-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5a5a1cff372d97bfa281d297b6230279cd1526c5df636efe4dec3aa3d923edf" score = 75 quality = 85 
@@ -344099,8 +344687,8 @@ rule SIGNATURE_BASE_Irontiger_Dllshellexc2010 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b75477f01627ac05013c5e4ccb1d58a6bb25bfbe83ad0cec392140d44637a028" score = 75 quality = 85 @@ -344125,8 +344713,8 @@ rule SIGNATURE_BASE_Irontiger_Dnstunnel : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L65-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L65-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "84b7dec3a89fe309149c7a3141279755adafbf793521c7b9b4031827f1020d7d" score = 75 quality = 85 
@@ -344155,8 +344743,8 @@ rule SIGNATURE_BASE_Irontiger_EFH3_Encoder : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L86-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L86-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e620222f815a6c915e372c11d28c480179fd2abdb139ed6984ca5a7a61b8088c" score = 75 quality = 85 @@ -344179,8 +344767,8 @@ rule SIGNATURE_BASE_Irontiger_Getpassword_X64 : FILE date = "2023-01-06" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L101-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L101-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2adabc629fcd4bc89a015874376daf51b2a367bb13ec25e917e5d899080d8a74" score = 75 quality = 85 
@@ -344207,8 +344795,8 @@ rule SIGNATURE_BASE_Irontiger_Gtalk_Trojan : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L121-L135" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L121-L135" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b6139d34ad91db2e418668be9ca947442ff614a241f0c1aa61f8334af5421c0" score = 75 quality = 85 @@ -344232,8 +344820,8 @@ rule SIGNATURE_BASE_Irontiger_HTTP_SOCKS_Proxy_Soexe : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L137-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L137-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f262751727de3d47a8d7cdc1f8ba8d92f4f60e22bc4e897bd5e53a8f2c118c95" score = 75 quality = 85 
@@ -344258,8 +344846,8 @@ rule SIGNATURE_BASE_Irontiger_Nbddos_Gh0Stvariant_Dropper : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L154-L169" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L154-L169" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e877c52d5cb0067388e9a138f48dcf7d3bd6d7d491eea6acffb2527ba0a906c7" score = 75 quality = 85 @@ -344284,8 +344872,8 @@ rule SIGNATURE_BASE_Irontiger_Plugx_Dosemulator : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L171-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L171-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "502adc142b0f7a2980b4b851f2360086cec855b5e9851a6e9afbaba1846d11ed" score = 75 quality = 85 
@@ -344309,8 +344897,8 @@ rule SIGNATURE_BASE_Irontiger_Plugx_Fastproxy : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L187-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L187-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6659595f65b445d2bd69b13b8d01c2dd78b5c055fa39f810a61646d9408df2ff" score = 75 quality = 85 @@ -344336,8 +344924,8 @@ rule SIGNATURE_BASE_Irontiger_Plugx_Server : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L205-L225" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L205-L225" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14b3f3b75cf6d042934e6916c99fe41d54065d59be6eb30b3cecc799997ac9d4" score = 75 quality = 85 
@@ -344367,8 +344955,8 @@ rule SIGNATURE_BASE_Irontiger_Readpwd86 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L227-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L227-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c188b033aee6b7e811c125af545aa7851cd45ba02e057ee93967fa98d1c13947" score = 75 quality = 85 @@ -344391,8 +344979,8 @@ rule SIGNATURE_BASE_Irontiger_Ring_Gh0Stvariant : FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L242-L257" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L242-L257" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6df729e3b472d3930f5bc4a1b5b8736567df43b78bec3401f5d41bf7ba30d93b" score = 75 quality = 85 
@@ -344417,8 +345005,8 @@ rule SIGNATURE_BASE_Irontiger_Wmiexec date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/T5fSJC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_irontiger_trendmicro.yar#L259-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_irontiger_trendmicro.yar#L259-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7988b993345e13b64e5f02ecd2679fc484b063a4cd2f18b52d00d2dfa34d82cb" score = 75 quality = 85 @@ -344445,8 +345033,8 @@ rule SIGNATURE_BASE_APT_UNC5221_Ivanti_Forensicartifacts_Jan24_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_report_ivanti_mandiant_jan24.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_report_ivanti_mandiant_jan24.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7f485f41072f5584dc76e71564e13066d9fe41685f33bff9c2886fa7d2155f94" score = 75 quality = 85 
@@ -344469,8 +345057,8 @@ rule SIGNATURE_BASE_M_Hunting_Backdoor_ZIPLINE_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_report_ivanti_mandiant_jan24.yar#L18-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_report_ivanti_mandiant_jan24.yar#L18-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "41857ba465dd1f2e1aa8c1eed36b73606385eeedf233fd480bb8a4ef15499174" score = 75 quality = 85 @@ -344496,8 +345084,8 @@ rule SIGNATURE_BASE_M_Hunting_Dropper_WIREFIRE_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_report_ivanti_mandiant_jan24.yar#L40-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_report_ivanti_mandiant_jan24.yar#L40-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6de651357a15efd01db4e658249d4981" logic_hash = "c389a666bd093cdd7700385da43c8fa58b9f3d899e658c516df0f3aca439401d" score = 75 
@@ -344523,8 +345111,8 @@ rule SIGNATURE_BASE_M_Hunting_Webshell_LIGHTWIRE_2 : FILE date = "2024-01-11" modified = "2024-01-12" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_report_ivanti_mandiant_jan24.yar#L60-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_report_ivanti_mandiant_jan24.yar#L60-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3d97f55a03ceb4f71671aa2ecf5b24e9" logic_hash = "37b22a6c45dd53bc7b3f0c75cc5072e990246fea24591d192176c0b496e92084" score = 75 @@ -344550,8 +345138,8 @@ rule SIGNATURE_BASE_M_Hunting_Dropper_THINSPOOL_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_report_ivanti_mandiant_jan24.yar#L83-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_report_ivanti_mandiant_jan24.yar#L83-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "677c1aa6e2503b56fe13e1568a814754" logic_hash = "a8043822cd36a802ba6656c42085f09d67cedb0689c9da48438d788b320bd6c0" score = 75 
@@ -344576,8 +345164,8 @@ rule SIGNATURE_BASE_M_Hunting_Credtheft_WARPWIRE_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_report_ivanti_mandiant_jan24.yar#L102-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_report_ivanti_mandiant_jan24.yar#L102-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d0c7a334a4d9dcd3c6335ae13bee59ea" logic_hash = "8029df5998166ab3db3319b0dd765ef3356b4b44dc16d2d418015a0f7ffac97e" score = 75 @@ -344604,8 +345192,8 @@ rule SIGNATURE_BASE_SUSP_Adobepdf_SFX_Bitmap_Combo_Executable : FILE date = "2020-11-02" modified = "2023-12-05" reference = "https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_icon_anomalies.yar#L3-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_icon_anomalies.yar#L3-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ac515d698507be6085684a6ec4622c6f3c26d0c3a0d94cbbeacfab7dfb9fe135" score = 60 quality = 85 
@@ -344645,8 +345233,8 @@ rule SIGNATURE_BASE_SUSP_Adobepdf_Bitmap_Executable : FILE date = "2020-11-02" modified = "2023-12-05" reference = "https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_icon_anomalies.yar#L39-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_icon_anomalies.yar#L39-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a8ef5ce2e876565c7d6367ce555d00bd3535699f1907f867811f2f6749672c67" score = 60 quality = 85 @@ -344680,8 +345268,8 @@ rule SIGNATURE_BASE_VULN_PHP_Hack_Backdoored_Phpass_May21 : FILE date = "2022-05-24" modified = "2023-12-05" reference = "https://twitter.com/s0md3v/status/1529005758540808192" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_backdoor_antitheftweb.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_backdoor_antitheftweb.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d9669dadc698c6fa63d61857f9ada16a9303aa8bf4139bec75104f2e9f00a36a" score = 75 quality = 85 
@@ -344702,8 +345290,8 @@ rule SIGNATURE_BASE_VULN_Python_Hack_Backdoored_Ctx_May21 : FILE date = "2022-05-24" modified = "2023-12-05" reference = "https://twitter.com/s0md3v/status/1529005758540808192" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vul_backdoor_antitheftweb.yar#L16-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vul_backdoor_antitheftweb.yar#L16-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f8047eb4e0420e4ec01fb038acdc4abdcc3aa4dada5ce072d20f78acac942079" score = 75 quality = 85 @@ -344727,8 +345315,8 @@ rule SIGNATURE_BASE_Crowdstrike_Shamoon_Droppedfile date = "2023-12-05" modified = "2023-12-05" reference = "http://www.rsaconference.com/writable/presentations/file_upload/exp-w01-hacking-exposed-day-of-destruction.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shamoon.yar#L1-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shamoon.yar#L1-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed550832b217f7edceea2edf7c4453925ed1759d97db7728f7face6ff10ee361" score = 75 quality = 85 
@@ -344753,8 +345341,8 @@ rule SIGNATURE_BASE_Windowsshell_S3 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winshells.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winshells.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "344575a58db288c9b5dacc654abc36d38db2e645acff05e894ff51183c61357d" logic_hash = "b9274f909b50247a4f5111a14806faadba7814e26805bef7d61eaaf8be4b46ed" score = 75 @@ -344785,8 +345373,8 @@ rule SIGNATURE_BASE_Windosshell_S1 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winshells.yar#L33-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winshells.yar#L33-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4a397497cfaf91e05a9b9d6fa6e335243cca3f175d5d81296b96c13c624818bd" logic_hash = "29fcddc549c615ca5cdda60272926671bc1446c3c7b51c9a2fd867b6b68858b2" score = 75 
@@ -344816,8 +345404,8 @@ rule SIGNATURE_BASE_Windowsshell_S4 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winshells.yar#L55-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winshells.yar#L55-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f00a1af494067b275407c449b11dfcf5cb9b59a6fac685ebd3f0eb193337e1d6" logic_hash = "fff280debdd32a736e37a73800f226bf6def5dd107abd1d9237d92904622c9ec" score = 75 @@ -344847,8 +345435,8 @@ rule SIGNATURE_BASE_Windowsshell_Gen : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winshells.yar#L79-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winshells.yar#L79-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "753dd12f649bcbfcc2c60a2f3be27df5297a671a0ee1856093eed04113616581" score = 75 quality = 85 
@@ -344878,8 +345466,8 @@ rule SIGNATURE_BASE_Windowsshell_Gen2 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winshells.yar#L101-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winshells.yar#L101-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c5ce27554b2ee25b974b567ef5a9ae877906250073da477f0ab5d71d162ac81a" score = 75 quality = 85 @@ -344910,8 +345498,8 @@ rule SIGNATURE_BASE_MAL_Envrial_Jan18_1 : FILE date = "2018-01-21" modified = "2023-12-05" reference = "https://twitter.com/malwrhunterteam/status/953313514629853184" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_envrial.yar#L11-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_envrial.yar#L11-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f047bedaac4dd934657b282a2587c55f3087a7cceb1a80becf14e7db3c365e8b" score = 75 quality = 85 
@@ -344944,8 +345532,8 @@ rule SIGNATURE_BASE_Hatman_Compiled_Python : HATMAN date = "2017-12-19" modified = "2023-12-05" reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L86-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L86-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a18018e4c6ea5b7ab6e1dbdc050e565f66520676565db6d352f58a786097960f" score = 75 quality = 85 @@ -344963,8 +345551,8 @@ rule SIGNATURE_BASE_Hatman_Injector : HATMAN date = "2017-12-19" modified = "2023-01-09" reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L96-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L96-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "19edf44bec6e1cbccefa145c5ae1bf0820729a80ac3ef1c8e7100b465b487e3c" score = 75 quality = 85 
@@ -344982,8 +345570,8 @@ rule SIGNATURE_BASE_Hatman_Payload : HATMAN date = "2017-12-19" modified = "2023-12-05" reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hatman.yar#L107-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hatman.yar#L107-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a6e5d2c2f2be35e6dc8b418e33419977460006923ecd9f029cacf51d8c0477a" score = 75 quality = 85 @@ -345001,8 +345589,8 @@ rule SIGNATURE_BASE_WEBSHELL_JAVA_Versamem_JAR_Aug24_1 : FILE date = "2024-08-27" modified = "2024-08-29" reference = "https://x.com/ryanaraine/status/1828440883315999117" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_volttyphoon_versamem.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_volttyphoon_versamem.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d21558eb6c8e700b8a4cb86fdaa5487179828152af68828e878397859d6d3952" score = 75 quality = 85 
@@ -345031,8 +345619,8 @@ rule SIGNATURE_BASE_WEBSHELL_JAVA_Versamem_JAR_Aug24_2 : FILE date = "2024-08-29" modified = "2024-12-12" reference = "https://x.com/craiu/status/1828687700884336990" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_volttyphoon_versamem.yar#L27-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_volttyphoon_versamem.yar#L27-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0bdf3bf5130c51c1355f179704933ca473a702595c580642035c8d3b9aad5725" score = 75 quality = 60 @@ -345055,8 +345643,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Msg_CVE_2023_23397_Mar23 : CVE_2023_23397 FILE date = "2023-03-15" modified = "2024-12-03" reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_outlook_cve_2023_23397.yar#L1-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_outlook_cve_2023_23397.yar#L1-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "47fee24586cd2858cfff2dd7a4e76dc95eb44c8506791ccc2d59c837786eafe3" hash = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf" hash = "6c0087a5cbccb3c776a471774d1df10fe46b0f0eb11db6a32774eb716e1b7909" 
@@ -345088,8 +345676,8 @@ rule SIGNATURE_BASE_EXPL_SUSP_Outlook_CVE_2023_23397_Exfil_IP_Mar23 : CVE_2023_2 date = "2023-03-15" modified = "2023-03-18" reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_outlook_cve_2023_23397.yar#L41-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_outlook_cve_2023_23397.yar#L41-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "47fee24586cd2858cfff2dd7a4e76dc95eb44c8506791ccc2d59c837786eafe3" hash = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf" hash = "6c0087a5cbccb3c776a471774d1df10fe46b0f0eb11db6a32774eb716e1b7909" @@ -345122,8 +345710,8 @@ rule SIGNATURE_BASE_EXPL_SUSP_Outlook_CVE_2023_23397_SMTP_Mail_Mar23 : CVE_2023_ date = "2023-03-17" modified = "2023-03-24" reference = "https://twitter.com/wdormann/status/1636491612686622723" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_outlook_cve_2023_23397.yar#L83-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_outlook_cve_2023_23397.yar#L83-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a361eb3abf98655f43efff2a5399f112d9ac2d23df85a642ab744c78e98330e0" score = 60 quality = 85 
@@ -345151,8 +345739,8 @@ rule SIGNATURE_BASE_Pirpi_1609_A : FILE date = "2016-09-08" modified = "2023-12-05" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_pirpi.yar#L10-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_pirpi.yar#L10-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "470745d0dd44c161ed6ec474f85531a3aca8ebb0adb98b902cb0b7465ca07d8b" score = 75 quality = 85 @@ -345192,8 +345780,8 @@ rule SIGNATURE_BASE_Pirpi_1609_B : FILE date = "2016-09-08" modified = "2023-12-05" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_pirpi.yar#L45-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_pirpi.yar#L45-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4dafff80fb7bfcffccf96d991245c13b3208fd4f5a21488d7d6885758ef05078" score = 75 quality = 85 
@@ -345223,8 +345811,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_1 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kriskynote.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kriskynote.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cc4861f3a612cbaba6abf8ded76972941c879f04b59c29756bf0ba8083bf93ab" score = 75 quality = 85 @@ -345251,8 +345839,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_2 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kriskynote.yar#L32-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kriskynote.yar#L32-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4a1a7c1c75cc64df32d2f055538c5ad15418802733046471520c372a616f1e11" score = 75 quality = 85 
@@ -345276,8 +345864,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_3 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kriskynote.yar#L48-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kriskynote.yar#L48-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fda8a7944cdd12cadb1c902664909a8164835f660e6fa56209bc51164a90e77c" score = 75 quality = 85 @@ -345303,8 +345891,8 @@ rule SIGNATURE_BASE_PLEAD_Downloader_Jun18_1 : FILE date = "2018-06-16" modified = "2023-12-05" reference = "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_plead_downloader.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_plead_downloader.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "82fa4629aeb67a657af8b40527414e59d1c45a7c4e3c68398d3472c080c9487b" score = 75 quality = 85 
@@ -345332,8 +345920,8 @@ rule SIGNATURE_BASE_APT_MAL_Revil_Kaseya_Jul21_1 : FILE date = "2021-07-02" modified = "2023-12-05" reference = "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_revil_general.yar#L3-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_revil_general.yar#L3-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a7f9fa8f8e8a3a25728aa6a334924e0b4075f3422df6b92a2f544bb0ebb6bfad" score = 75 quality = 85 @@ -345364,8 +345952,8 @@ rule SIGNATURE_BASE_APT_MAL_Revil_Kaseya_Jul21_2 : FILE date = "2021-07-02" modified = "2023-12-05" reference = "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_revil_general.yar#L32-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_revil_general.yar#L32-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "44948d93c71370a9976f22bf78cd1af80359f2c9804ea7995791109785cfaf84" score = 75 quality = 85 
@@ -345398,8 +345986,8 @@ rule SIGNATURE_BASE_APT_MAL_RANSOM_Vicesociety_Polyvice_Jan23_1 : FILE date = "2023-01-12" modified = "2023-01-13" reference = "https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_vicesociety_dec22.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_vicesociety_dec22.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c7b76a693e5666515afee5c819b21e119ce5f1b0be675252673e6a24251ce8d" score = 75 quality = 60 @@ -345430,8 +346018,8 @@ rule SIGNATURE_BASE_APT_MAL_RANSOM_Vicesociety_Chily_Jan23_1 : FILE date = "2023-01-12" modified = "2023-12-05" reference = "https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_vicesociety_dec22.yar#L33-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_vicesociety_dec22.yar#L33-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fc2967d86bf73033e68b8b9409a197ae8f7fcdf06e1e2a17e3d277d243caa541" score = 80 quality = 83 
@@ -345463,8 +346051,8 @@ rule SIGNATURE_BASE_Crime_H2Miner_Kinsing : FILE date = "2020-06-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_h2miner_kinsing.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_h2miner_kinsing.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8795f01f4ce85ca37a4e4667a4ee9756dae6af42884cf79830877a5c35a3bd3b" score = 75 quality = 85 @@ -345493,8 +346081,8 @@ rule SIGNATURE_BASE_Korplug_FAST : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_korplug_fast.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_korplug_fast.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371" logic_hash = "31aeb634eecc0f93353432b0dde113bfb54810ea74b02f959447a1d42e7e9e1b" score = 75 
@@ -345524,8 +346112,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_Keylogger_Unknown_Nov19_1 : FILE date = "2019-11-06" modified = "2023-12-05" reference = "https://twitter.com/CNMF_VirusAlert/status/1192131508007505921" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_nk_gen.yar#L2-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_nk_gen.yar#L2-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a3b5c82cb8aa09e3c1b955bb175046e86f96da1f187eb46df83caaaf9e1370b2" score = 75 quality = 85 @@ -345567,8 +346155,8 @@ rule SIGNATURE_BASE_Servantshell : FILE date = "2017-02-02" modified = "2023-12-05" reference = "https://tinyurl.com/jmp7nrs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_servantshell.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_servantshell.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "739057dc95831c9ed35981b40c606ecd0b3fd2118b42ed7c09e200dc0bc395db" score = 70 quality = 85 
@@ -345594,8 +346182,8 @@ rule SIGNATURE_BASE_MAL_Gandcrab_Apr18_1 : FILE date = "2018-04-23" modified = "2023-12-05" reference = "https://twitter.com/MarceloRivero/status/988455516094550017" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_mal_grandcrab.yar#L3-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_mal_grandcrab.yar#L3-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "70fc8deb91126a7404095aaa512e9b7542fe8605f83a037a10f8ccff76c27d4f" score = 75 quality = 85 @@ -345615,8 +346203,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Revil_Oct20_1 : FILE date = "2020-10-13" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_revil.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_revil.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "756e49362c01abbca3208967630f09ed957e5c51956e0e5210b0167590582a82" score = 75 quality = 85 
@@ -345646,8 +346234,8 @@ rule SIGNATURE_BASE_Tscookie_RAT : FILE date = "2018-03-06" modified = "2023-12-05" reference = "http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_tscookie_rat.yar#L13-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_tscookie_rat.yar#L13-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c6121c541a77219b17351787973a4bc06a8d941ebd5f9e5e1e14ad4740a3fe7b" score = 75 quality = 85 @@ -345673,8 +346261,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Fakefilemaker : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/FakeFileMaker" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L3-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L3-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27d402835f31b6383c837e90248ae5c6d22f4c267d52625ebfbcc2ee5099ccad" score = 75 quality = 85 
@@ -345697,8 +346285,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Wmipersistence : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/mdsecactivebreach/WMIPersistence" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L18-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L18-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f8f5e1b6d9b9e8e2f76a7e02385142bbeb755d1b1e41e501f4f74fcaba0a7dad" score = 75 quality = 85 @@ -345721,8 +346309,8 @@ rule SIGNATURE_BASE_HKTL_NET_Adcollector_Sep22_1 : FILE date = "2022-09-15" modified = "2024-12-10" reference = "https://github.com/dev-2null/ADCollector" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L55-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L55-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "66d5363e885378c442e7532f69d4c36618d7a0f5dbe67490631d1ed5078d3fba" score = 75 quality = 85 
@@ -345750,8 +346338,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Maliciousclickoncegenerator : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Mr-Un1k0d3r/MaliciousClickOnceGenerator" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L77-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L77-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "91e5878d49ad9af5420d4e29afaa600337fb8051951598a997cd74d72c884206" score = 75 quality = 85 @@ -345774,8 +346362,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Directinjectorpoc : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/badBounty/directInjectorPOC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L92-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L92-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ffdc5694668af6c82b493403373d2e2e915e45bca8d58ec1ab41c5a8bd28d781" score = 75 quality = 85 
@@ -345798,8 +346386,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Asstrongasfuck : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Charterino/AsStrongAsFuck" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L107-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L107-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4765f2099bf8fa8ebccd8cdcc561354f4aeba28c2473fd8556f1ef1d5d28dadd" score = 75 quality = 85 @@ -345822,8 +346410,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Magentoscanner : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/soufianetahiri/MagentoScanner" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L122-L135" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L122-L135" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "245dce3be07c8e84dfcd2cdb2d9f24406a9b11b437e74969f1472a6ee149fd9c" score = 75 quality = 85 
@@ -345846,8 +346434,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Revengerat_Stub_Cssharp : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/NYAN-x-CAT/RevengeRAT-Stub-CSsharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L137-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L137-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a3bd1f8e52e6ed468b6a4fea83456ca813b69e2d676dfab687bbea5a746fed3c" score = 75 quality = 85 @@ -345870,8 +346458,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpyshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/antonioCoco/SharPyShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L152-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L152-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "89d0010c08349f8982c7f5aa5f7855702556ce10f9f3b5b18b61349c5233e001" score = 75 quality = 85 
@@ -345894,8 +346482,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ghostloader : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/TheWover/GhostLoader" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L167-L180" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L167-L180" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "91527b4b35f2bb1aeee236647c5169c67f2b9cfb867f2b6d486bd8d8b7455d4b" score = 75 quality = 85 @@ -345918,8 +346506,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Dotnetinject : FILE date = "2021-01-22" modified = "2022-06-28" reference = "https://github.com/dtrizna/DotNetInject" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L182-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L182-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "07ba4ba23372dbc2618dcea89ef643cd68371ace1116bfeb939b0f9adfc425bb" score = 75 quality = 85 
@@ -345944,8 +346532,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Atpminidump : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/b4rtik/ATPMiniDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L204-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L204-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7498ed5d11b9c3646ebd2d1330a239c43e9c5b270b1778871c2821a2fefb5137" score = 75 quality = 85 @@ -345968,8 +346556,8 @@ rule SIGNATURE_BASE_SUSP_NET_NAME_Confuserex : FILE date = "2021-01-22" modified = "2021-01-25" reference = "https://github.com/yck1509/ConfuserEx" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L219-L234" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L219-L234" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "beecb7b66830a033e2048da246d320c1ffc5015b280b34fb61aee87c8a42fff3" score = 40 quality = 85 
@@ -345992,8 +346580,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpbuster : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/passthehashbrowns/SharpBuster" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L236-L249" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L236-L249" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cdc19e03f75f34e6349937c0bff313298fc9310f361eec7af022c450d083ad96" score = 75 quality = 85 @@ -346016,8 +346604,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Amsibypass : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/0xB455/AmsiBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L251-L269" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L251-L269" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8fa4ba512b34a898c4564a8eac254b6a786d195b" logic_hash = "f93b1014c7e26462fbbd3cd572cfa21a09c5da915a9a51d3e58a46a2b9b7cfe4" score = 75 
@@ -346042,8 +346630,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Recon_AD : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/outflanknl/Recon-AD" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L271-L284" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L271-L284" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7bfafb2d3e85bb584bd02cb92457d22b07626f71d071c44a4aefbb5748045446" score = 75 quality = 85 @@ -346066,8 +346654,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpwatchdogs : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/RITRedteam/SharpWatchdogs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L286-L299" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L286-L299" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b9410d7e502a5fd55e534d8fe79710d48cf65a0e9859bdd0fea6c8d32311df0" score = 75 quality = 85 
@@ -346090,8 +346678,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpcat : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Cn33liz/SharpCat" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L301-L314" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L301-L314" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b9e5946f8df1649e71abf014aa6579edbbc93a12ddcc56f8d85d97ae087c8711" score = 75 quality = 85 @@ -346114,8 +346702,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_K8Tools : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/k8gege/K8tools" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L316-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L316-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "370cab83917bbc76f7f3a1b7793773ddf139879880e55efe59c72a07b34120f1" score = 75 quality = 85 
@@ -346138,8 +346726,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Httpsbeaconshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/limbenjamin/HTTPSBeaconShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L331-L344" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L331-L344" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6a0d7e1f796ae6cefa297978c743916a08b2406c37fa2c1f3f697a17cb032517" score = 75 quality = 85 @@ -346162,8 +346750,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ghostpack_Compiledbinaries : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L346-L359" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L346-L359" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a8e90f07b7d1ec309e51e3606169a05c4bb2b2aa7e31ca26b21f927d648c13cd" score = 75 quality = 85 
@@ -346186,8 +346774,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Metasploit_Sharp : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/VolatileMindsLLC/metasploit-sharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L361-L374" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L361-L374" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7a1c4e077e197a5cdca8cb12713abb3fa86a3f6ea8e8f2f632c9c8e42d829acc" score = 75 quality = 85 @@ -346210,8 +346798,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Trevorc2 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/trustedsec/trevorc2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L376-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L376-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c1d56ef865e6619d9d0deff90b154c63cc3036a8521d3952819e45f51fca9fea" score = 75 quality = 85 
@@ -346234,8 +346822,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_DNS2 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_DNS2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L391-L404" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L391-L404" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "765e6117f69fb58e5e71544badc8135b2ec641a74cc0489a7c79308ca2837bd7" score = 75 quality = 85 @@ -346258,8 +346846,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Aggressiveproxy : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/EncodeGroup/AggressiveProxy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L406-L419" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L406-L419" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "702b0cc858cb1687962ac403a730e5f778bf51fc91627c50103e4299f4a3ca5f" score = 75 quality = 85 
@@ -346282,8 +346870,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Msbuildapicaller : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/rvrsh3ll/MSBuildAPICaller" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L421-L434" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L421-L434" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c1f33c759e6331c562dbf76ce7e34ee82d10070e331d0967143d9d7fad077fc" score = 75 quality = 85 @@ -346306,8 +346894,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Graykeylogger : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DarkSecDevelopers/GrayKeylogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L436-L449" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L436-L449" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b8e12c5ddf0d50d0b3681594c8bc3410a24dab00035a5959e20d20045dacbbbd" score = 75 quality = 85 
@@ -346330,8 +346918,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Weevely3 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/epinna/weevely3" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L451-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L451-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c57c6ba5276679a2d32e9b0ebb61059c5bed1ba45f9792ecef3d5c7244f38f24" score = 75 quality = 85 @@ -346354,8 +346942,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Fudgec2 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Ziconius/FudgeC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L466-L479" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L466-L479" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "89f3bf4b81a901e813c3021422c362d7e075dec7fd76240be121f677039f1994" score = 75 quality = 85 
@@ -346378,8 +346966,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_Reverse_Tcp : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_Reverse_tcp" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L481-L494" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L481-L494" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "055ee105cd46e54b4f49dd92975ecc08a6184fa8508585ee528d19de34914758" score = 75 quality = 85 @@ -346402,8 +346990,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharphose : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/ustayready/SharpHose" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L496-L509" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L496-L509" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e3af2a156c2451f7ed2fe3e888fdf2ae080298f7eff56801ddc0c612f04902ee" score = 75 quality = 85 
@@ -346426,8 +347014,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_RAT_Njrat_0_7D_Modded_Source_Code : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/AliBawazeEer/RAT-NjRat-0.7d-modded-source-code" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L511-L524" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L511-L524" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f437195348452242adc8b55d6d517a17764c53188fa2de5cd15848fd23827381" score = 75 quality = 85 @@ -346450,8 +347038,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Rdpthief : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/0x09AL/RdpThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L526-L539" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L526-L539" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8e472c8265d517e512eada819627d56ff449fae4d80054946e9ea96f74004f05" score = 75 quality = 85 
@@ -346474,8 +347062,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Runascs : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/antonioCoco/RunasCs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L541-L554" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L541-L554" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9fd22a3e92222134c101693b944a2ad53055f9cfafe99823fd6f412981f5afa3" score = 75 quality = 85 @@ -346498,8 +347086,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_IP6DNS : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_IP6DNS" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L556-L569" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L556-L569" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "509c396b97524335735107644460eebed3146b2bc5f8dedb909c9754b2121f5f" score = 75 quality = 85 
@@ -346522,8 +347110,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_ARP : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_ARP" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L571-L584" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L571-L584" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e8cecfe09f1cb80eb693eb293dfb8c1bc3885a96dfa045b2391216c5f6f6f983" score = 75 quality = 85 @@ -346546,8 +347134,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_C2Bridge : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/cobbr/C2Bridge" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L586-L599" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L586-L599" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d5f6d6e9d475bf2d8a49d7550bf3b718539753f3494b58462094bfc0a37b813a" score = 75 quality = 85 
@@ -346570,8 +347158,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Infrastructure_Assessment : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/NyaMeeEain/Infrastructure-Assessment" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L601-L614" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L601-L614" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7b2f1481c2880b5b3ee158f2a526ab7fc5e587bbf3847ebe9ddf447742109a78" score = 75 quality = 85 @@ -346594,8 +347182,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Shellcodetester : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/tophertimzen/shellcodeTester" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L616-L629" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L616-L629" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3101b62428eba5e36572a190bd3a11f59cf9cca10aec3cfe3000028f1b1f0a3f" score = 50 quality = 85 
@@ -346618,8 +347206,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Gray_Hat_Csharp_Code : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/brandonprry/gray_hat_csharp_code" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L631-L644" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L631-L644" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4520528cd6b1832c97fa79442f9d448d54bad4e6944984fa6e71f34246259e28" score = 75 quality = 85 @@ -346642,8 +347230,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_Reverseshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_ReverseShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L646-L659" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L646-L659" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "79ebde95674d76e58938b06a97cb6c65e6ac0606398fc9c30d90e517bbdd62a8" score = 75 quality = 85 
@@ -346666,8 +347254,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Dotnetavbypass : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/mandreko/DotNetAVBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L661-L674" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L661-L674" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "574a5f1bc1873321042e932ddfd53853e8e06dff3b25f2ad41e6b8aaf150a8b2" score = 75 quality = 85 @@ -346690,8 +347278,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Hexyrunner : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/bao7uo/HexyRunner" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L676-L689" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L676-L689" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c55be1fe285358378a98fd1027650dd20dd8cd0aad4dc062df7a0d4538c78c3b" score = 75 quality = 85 
@@ -346714,8 +347302,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpoffensiveshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/darkr4y/SharpOffensiveShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L691-L704" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L691-L704" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "36bcae7817eed375e48822a49e6875295ea1037217231a7f9ae88a9b8af95530" score = 75 quality = 85 @@ -346738,8 +347326,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Reconness : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/reconness/reconness" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L706-L719" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L706-L719" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9cb7a3522bada1c724999058ec4ddfde09b22166f8fb3ba184dfe6bec276cfc5" score = 75 quality = 85 
@@ -346762,8 +347350,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Tvasion : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/loadenmb/tvasion" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L721-L734" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L721-L734" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b6262f751cbb85e702d89e7c5b4efdc8eaf3085101cd7685218ab1e8a2599385" score = 75 quality = 85 @@ -346786,8 +347374,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ibombshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Telefonica/ibombshell" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L736-L749" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L736-L749" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "30de65328e2e2230eca3a30490e20c2c6d8ac9bdc835ee15d44300a00b801921" score = 75 quality = 85 
@@ -346810,8 +347398,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Remoteprocessinjection : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Mr-Un1k0d3r/RemoteProcessInjection" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L751-L764" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L751-L764" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87d803c361462877f5ebba2a70f611c95b8684fe9f9f747ccf9643fc4e97d9df" score = 75 quality = 85 @@ -346834,8 +347422,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_CACTUSTORCH : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/mdsecactivebreach/CACTUSTORCH" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L766-L779" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L766-L779" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51a125a44b5d1e73509bcd29865b26f44a5ee53f6907ee9abffa3eef1bbbdea8" score = 75 quality = 85 
@@ -346858,8 +347446,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Pandasniper : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/QAX-A-Team/PandaSniper" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L781-L794" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L781-L794" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c5a32f22a429777186d88f3fcfa79ad4d971e86ebd6117df74aae19728c6addd" score = 75 quality = 85 @@ -346882,8 +347470,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Xbapappwhitelistbypasspoc : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/jpginc/xbapAppWhitelistBypassPOC" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L796-L809" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L796-L809" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c79b70d3a72084dff391ba297518c4fe748d35b794278c4edf2d1faa4bd216e" score = 75 quality = 85 
@@ -346906,8 +347494,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Stagestrike : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/RedXRanger/StageStrike" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_github_net_redteam_tools_names.yar#L811-L824" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_github_net_redteam_tools_names.yar#L811-L824" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99abc2fee732f27ea94c8ce244dc1742ed01a7753adedd7e80226d1e1c8dee4a" score = 75 quality = 85 @@ -346930,8 +347518,8 @@ rule SIGNATURE_BASE_Gen_Excel_Auto_Open_Evasion : FILE date = "2020-09-24" modified = "2023-12-05" reference = "https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_excel_auto_open_evasion.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_excel_auto_open_evasion.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e23f9f55e10f3f31a2e76a12b174b6741a2fa1f51cf23dbd69cf169d92c56ed5" logic_hash = "d7d81683b9abd7b89d6d6ee4d14ff37359acd353a6bd1d88bc793525c8f203d9" score = 70 
@@ -346959,8 +347547,8 @@ rule SIGNATURE_BASE_Invoke_Mimikittenz : FILE date = "2016-07-19" modified = "2023-12-05" reference = "https://github.com/putterpanda/mimikittenz" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mimikittenz.yar#L10-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mimikittenz.yar#L10-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f0410a0290d09d3574854b55ffe578f6f799368e14677b581cd65d18700a8656" score = 90 quality = 85 @@ -346987,8 +347575,8 @@ rule SIGNATURE_BASE_KINS_Dropper date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/arPhm3" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kins_dropper.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kins_dropper.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cdab93f823e13e0c3104de8e05cb1572f83fb5294f359698092d73fc7983955b" score = 75 quality = 85 
@@ -347021,8 +347609,8 @@ rule SIGNATURE_BASE_KINS_DLL_Zeus date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/arPhm3" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_kins_dropper.yar#L28-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_kins_dropper.yar#L28-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bd1ebe7976d1f93856b4f8d1d62d8fff68ce6234204da9fbdc233ddbef56864d" score = 75 quality = 60 @@ -347052,8 +347640,8 @@ rule SIGNATURE_BASE_EXT_HKTL_Nighthawk_RAT : FILE date = "2022-11-22" modified = "2025-07-01" reference = "https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_nighthawk_c2.yar#L3-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_nighthawk_c2.yar#L3-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "46404445e1fee89b598b0d42888f793dd602533cff2f72524800597af5b61197" score = 75 quality = 85 
@@ -347084,8 +347672,8 @@ rule SIGNATURE_BASE_HKTL_MAL_Nighthawk_Nov_2022_1 : NIGHTHAWK BEACON FILE date = "2022-11-22" modified = "2025-07-01" reference = "https://web.archive.org/web/20221125224850/https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_nighthawk_c2.yar#L32-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_nighthawk_c2.yar#L32-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8dec7752ee6e1af87129ce7ac09130f94a20807c4f45ceb1fce434358ac727bf" score = 75 quality = 85 @@ -347112,8 +347700,8 @@ rule SIGNATURE_BASE_Sysinternals_Tool_Anomaly : FILE date = "2016-12-06" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_sysinternals_anomaly.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_sysinternals_anomaly.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "760795a51965197bd101ffbf0f7c8cfbbb16d2f443d0941de4a75c8f33f4cad0" score = 50 quality = 85 
@@ -347142,8 +347730,8 @@ rule SIGNATURE_BASE_MAL_CRIME_RAT_WIN_PE_Godrat_Aug25 : GODRAT RAT WINDOWS GH0ST date = "2025-08-23" modified = "2025-09-09" reference = "https://securelist.com/godrat/117119/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_crime_win_pe_godrat_aug25.yar#L4-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_crime_win_pe_godrat_aug25.yar#L4-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "154e800ed1719dbdcb188c00d5822444717c2a89017f2d12b8511eeeda0c2f41" logic_hash = "eda3175277bbf9f6408f5d2dd25d6780552aad4104fe62bb92125c734f9fdd98" score = 75 @@ -347179,8 +347767,8 @@ rule SIGNATURE_BASE_Lokibot_Dropper_Scancopypdf_Feb18 : FILE date = "2018-02-14" modified = "2023-12-05" reference = "https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_loki_bot.yar#L11-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_loki_bot.yar#L11-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b9f10a09d91c10731e34dc88f87104693cdc794ddc3c63ee382f976d0a75f30f" score = 75 quality = 85 
@@ -347207,8 +347795,8 @@ rule SIGNATURE_BASE_Lokibot_Dropper_Packed_R11_Feb18 : FILE date = "2018-02-14" modified = "2023-12-05" reference = "https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_loki_bot.yar#L33-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_loki_bot.yar#L33-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ca39cac8dcbbbe1697ef96bde60c522bb9cc190c208483220aa96bc672f325a" score = 75 quality = 85 @@ -347231,8 +347819,8 @@ rule SIGNATURE_BASE_Chafer_Mimikatz_Custom : FILE date = "2018-03-22" modified = "2023-12-05" reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_chafer_mar18.yar#L11-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_chafer_mar18.yar#L11-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d3b74be6d221592fb867bd9589f5e4b246a093bd276efa3515d9e948a38eda48" score = 75 quality = 85 
@@ -347254,8 +347842,8 @@ rule SIGNATURE_BASE_Chafer_Exploit_Copyright_2017 : FILE date = "2018-03-22" modified = "2023-12-05" reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_chafer_mar18.yar#L25-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_chafer_mar18.yar#L25-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "53d3e735bc368de152f4f4058617bc2cc5574bc13777f743442ff2bfafe92791" score = 75 quality = 85 @@ -347280,8 +347868,8 @@ rule SIGNATURE_BASE_Chafer_Portscanner : FILE date = "2018-03-22" modified = "2023-12-05" reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_chafer_mar18.yar#L45-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_chafer_mar18.yar#L45-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6e0475a5c0fc8155359376113f88f3de080968388bd3ea60664a063540688faf" score = 75 quality = 85 
@@ -347305,8 +347893,8 @@ rule SIGNATURE_BASE_Oilrig_Myrtille : FILE date = "2018-03-22" modified = "2022-12-21" reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_chafer_mar18.yar#L61-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_chafer_mar18.yar#L61-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "373115c0a3fbfe93435aca07cbac52c7649a77d8b7d6eda8af5ce4a1a42e53a6" score = 75 quality = 85 @@ -347330,8 +347918,8 @@ rule SIGNATURE_BASE_Chafer_Packed_Mimikatz : FILE date = "2018-03-22" modified = "2023-12-05" reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_chafer_mar18.yar#L78-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_chafer_mar18.yar#L78-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0cee5270c9b76f1419c6989113dca221c5ba6f027a104d71f61d38cb59af51cd" score = 75 quality = 85 
@@ -347355,8 +347943,8 @@ rule SIGNATURE_BASE_Oilrig_PS_Cnc : FILE date = "2018-03-22" modified = "2023-12-05" reference = "https://nyotron.com/wp-content/uploads/2018/03/Nyotron-OilRig-Malware-Report-March-2018b.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig_chafer_mar18.yar#L94-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig_chafer_mar18.yar#L94-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0566f0707021af0d08426eec497292098273d46b020a5f0be6b98835ceeb82bc" score = 75 quality = 85 @@ -347379,8 +347967,8 @@ rule SIGNATURE_BASE_Zeus_Panda : FILE date = "2017-08-04" modified = "2023-12-05" reference = "https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_zeus_panda.yar#L11-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_zeus_panda.yar#L11-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "63312763196259204dcee6b6c46ae1a16abeab0afabbce9e2e8413131856b04e" score = 75 quality = 85 
@@ -347411,8 +347999,8 @@ rule SIGNATURE_BASE_SUSP_Macro_Staroffice : FILE date = "2019-02-06" modified = "2021-05-27" reference = "https://twitter.com/JohnLaTwC/status/1093259873993732096" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_macro_staroffice_suspicious.yar#L1-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_macro_staroffice_suspicious.yar#L1-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49385335488fa0a598ed48203d9483c5c2f53ae287e003a8cf7d64d56280e62a" score = 60 quality = 81 @@ -347452,8 +348040,8 @@ rule SIGNATURE_BASE_MAL_Hogfish_Report_Related_Sample : FILE date = "2018-05-01" modified = "2023-12-05" reference = "https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt10_redleaves.yar#L13-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt10_redleaves.yar#L13-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bff74f7a72a3e40e828284ed37b2f7ea64d8df52e946372d38e379d9b7b7a445" score = 75 quality = 85 
@@ -347479,8 +348067,8 @@ rule SIGNATURE_BASE_MAL_Redleaves_Apr18_1 : FILE date = "2018-05-01" modified = "2023-12-05" reference = "https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt10_redleaves.yar#L33-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt10_redleaves.yar#L33-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e34b95e96de88aef20050b6b9580600365284117918c24f76c884b089fa20623" score = 75 quality = 85 @@ -347501,8 +348089,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Implantstrings : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hellsing_kaspersky.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hellsing_kaspersky.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d62dc766a40d1dc7044cc5c9f07a78d36e231b771fafb52442b26514f4c603db" score = 75 quality = 85 
@@ -347539,8 +348127,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Installer : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hellsing_kaspersky.yar#L31-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hellsing_kaspersky.yar#L31-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "556898e9507835d93e2cf7e21e997b6e64dc154ac675b429f5f8226bf929309c" score = 75 quality = 85 @@ -347574,8 +348162,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Proxytool : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hellsing_kaspersky.yar#L56-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hellsing_kaspersky.yar#L56-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8f2656e7b4e6fb5336fb4e39bcec3e99531db532f757b65e3aa12cd2a4334840" score = 50 quality = 85 
@@ -347603,8 +348191,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Xkat : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hellsing_kaspersky.yar#L76-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hellsing_kaspersky.yar#L76-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ba74ca11c96e59a04f1cb57b4866df7a581ad94ca81230f2ca5068c8808297aa" score = 75 quality = 85 @@ -347638,8 +348226,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Msgertype2 : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hellsing_kaspersky.yar#L99-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hellsing_kaspersky.yar#L99-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "232e4dfd8d236da223240d9a4ec3f8bfa635d51d7376ff19dfa5579af31fc47f" score = 75 quality = 85 
@@ -347667,8 +348255,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Irene : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_hellsing_kaspersky.yar#L119-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_hellsing_kaspersky.yar#L119-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e7da04083468dba7045b55181642d7cd57d543fbeda24685ba2ac63799740798" score = 75 quality = 85 @@ -347696,8 +348284,8 @@ rule SIGNATURE_BASE_Ransom_Lockergoga_Mar19_1 : FILE date = "2019-03-19" modified = "2023-12-05" reference = "https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_lockergoga.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_lockergoga.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "076d799113f5bf6c00aa29895cca83ff86e89706cf15ca6971a991d345d0ad65" score = 75 quality = 85 
@@ -347731,8 +348319,8 @@ rule SIGNATURE_BASE_Emdivi_SFX : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bluetermite_emdivi.yar#L9-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bluetermite_emdivi.yar#L9-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3257983c64c52f36b04e3fe7b12180a37531338349137d4df00fc6f704557b2e" score = 70 quality = 85 @@ -347759,8 +348347,8 @@ rule SIGNATURE_BASE_Emdivi_Gen1 : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bluetermite_emdivi.yar#L32-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bluetermite_emdivi.yar#L32-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e1895926f6327bf301b8618f9162cacb30ad96f181f197559d399675e2cd93c6" score = 80 quality = 85 
@@ -347796,8 +348384,8 @@ rule SIGNATURE_BASE_Emdivi_Gen2 : FILE date = "2015-08-20" modified = "2023-01-27" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bluetermite_emdivi.yar#L62-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bluetermite_emdivi.yar#L62-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c40306d646c5bf8c3aff1bc697b81997b4d635ccf237775e2bea96b89f7fa001" score = 80 quality = 85 @@ -347828,8 +348416,8 @@ rule SIGNATURE_BASE_MAL_Emdivi_Gen3 : FILE date = "2015-08-20" modified = "2023-01-06" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bluetermite_emdivi.yar#L87-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bluetermite_emdivi.yar#L87-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ff89a0855481d723f23e0c00f6b6eaf912e6df3a7e9ebe4ff1e6ccf2b02f0888" score = 80 quality = 85 
@@ -347859,8 +348447,8 @@ rule SIGNATURE_BASE_Emdivi_Gen4 : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_bluetermite_emdivi.yar#L116-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_bluetermite_emdivi.yar#L116-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9c1645023ceefdb849cf4b0e60de8c608bfd5e15d3aac6d16d68a36140a8ebed" score = 80 quality = 79 @@ -347896,8 +348484,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Nov21_1 : FILE date = "2021-11-23" modified = "2023-12-05" reference = "https://www.ic3.gov/Media/News/2021/211117-2.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_spring4shell.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_spring4shell.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1dac7706421961c71ba6f8d7a223b80e4b77bf206bfb64ee18c7cc894b062a3c" score = 70 quality = 85 
@@ -347921,8 +348509,8 @@ rule SIGNATURE_BASE_EXPL_POC_Springcore_0Day_Indicators_Mar22_1 date = "2022-03-30" modified = "2023-12-05" reference = "https://twitter.com/vxunderground/status/1509170582469943303" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_spring4shell.yar#L19-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_spring4shell.yar#L19-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "39fb62ec7953dae0a88e39e73e3ff286fc19cb8f21f8feb869a1875f6ba70cfb" score = 70 quality = 85 @@ -347946,8 +348534,8 @@ rule SIGNATURE_BASE_EXPL_POC_Springcore_0Day_Webshell_Mar22_1 : FILE date = "2022-03-30" modified = "2023-12-05" reference = "https://twitter.com/vxunderground/status/1509170582469943303" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_spring4shell.yar#L36-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_spring4shell.yar#L36-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "17282b66899356a6051f0b47a7a3f02265737283d760f2256e03a2b934bb63b8" score = 70 quality = 85 
@@ -347970,8 +348558,8 @@ rule SIGNATURE_BASE_Winpayloads_Powershell : FILE date = "2017-07-11" modified = "2023-12-05" reference = "https://github.com/nccgroup/Winpayloads" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winpayloads.yar#L12-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winpayloads.yar#L12-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9e75f7190327f08c5e204977c6714c93951a6db0ddf000c8b37db37131b9def" score = 75 quality = 85 @@ -347997,8 +348585,8 @@ rule SIGNATURE_BASE_Winpayloads_Payload : FILE date = "2017-07-11" modified = "2023-12-05" reference = "https://github.com/nccgroup/Winpayloads" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_winpayloads.yar#L30-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_winpayloads.yar#L30-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a22eeafa320bcf0d41de402223d3ad51d8625ffaa68fe24be864ffcf72a64a2" score = 75 quality = 85 
@@ -348028,8 +348616,8 @@ rule SIGNATURE_BASE_APT_MAL_DTRACK_Oct19_1 : FILE date = "2019-10-28" modified = "2023-12-05" reference = "https://twitter.com/a_tweeter_user/status/1188811977851887616?s=21" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_dtrack.yar#L2-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_dtrack.yar#L2-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b99bc8ec4df7185da306365dc2a24a0849ff0d5d92269daaa1efbb20f5e5bf83" score = 75 quality = 85 @@ -348077,8 +348665,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b874b76ff7b281c8baa80e4a71fc9be514093c70" logic_hash = "938df757d1f5ee1028d61dbc2ab76a33c788a44f87cb0d84626420e20bfb5fa4" score = 70 
@@ -348106,8 +348694,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_2 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L24-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L24-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "333f956bf3d5fc9b32183e8939d135bc0fcc5770" logic_hash = "58d62278d776c9f7c3ae0815aa4b248f85c5fc648405b8d1ba2b8eb2847e1e88" score = 70 @@ -348150,8 +348738,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_3 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L60-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L60-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "df3e1668ac20edecc12f2c1a873667ea1a6c3d6a" logic_hash = "96f8324dcf85f5baa64178774abf17516a9e023dd6fa38e2bce0fe5159a4f704" score = 70 
@@ -348176,8 +348764,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_4 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L79-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L79-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "558f0f0b728b6da537e2666fbf32f3c9c7bd4c0c" logic_hash = "7ba10269d31e985dff582ae4103ef1179172ae475e078161864f185380bb5035" score = 70 @@ -348208,8 +348796,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_5 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L103-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L103-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "545e261b3b00d116a1d69201ece8ca78d9704eb2" logic_hash = "3f88b673b80b67a110915285a87ead265ad0176ea414426ba55e780e3aa396fe" score = 70 
@@ -348238,8 +348826,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_6 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L126-L164" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L126-L164" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d77fd224b8d2dfd506faf0d3e359bf04172cc2854dc737e05c4bf99d0e1f3f7" score = 70 quality = 85 @@ -348282,8 +348870,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_7 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L166-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L166-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9480cf544beeeb63ffd07442233eb5c5f0cf03b3" logic_hash = "28db3fb7fa5b5e60ad1d1cc2b6d3d9d30a1948491105439201574ca354eb8bd1" score = 70 
@@ -348311,8 +348899,8 @@ rule SIGNATURE_BASE_Poisonivy_RAT_Ssmuidll : FILE date = "2016-04-22" modified = "2023-12-05" reference = "http://goo.gl/WiwtYT" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_poisonivy.yar#L196-L230" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_poisonivy.yar#L196-L230" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d048d88cac40f4fe3affee8d9dad35a7347a5459fbdd56b08a77ece4f6c2ac08" score = 75 quality = 85 @@ -348341,8 +348929,8 @@ rule SIGNATURE_BASE_Powershell_Isesteroids_Obfuscation date = "2017-06-23" modified = "2025-02-12" reference = "https://twitter.com/danielhbohannon/status/877953970437844993" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_obfuscation.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_obfuscation.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d9476f679614e34a0d13664baffd15b0bdb896f7eeca2c9de66bdc0d65a2eec" score = 75 quality = 85 
@@ -348367,8 +348955,8 @@ rule SIGNATURE_BASE_SUSP_Obfuscted_Powershell_Code date = "2018-12-13" modified = "2025-02-12" reference = "https://twitter.com/silv0123/status/1073072691584880640" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_obfuscation.yar#L28-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_obfuscation.yar#L28-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "afd7e4b88c812b23441549565a18fde18c24fe91ec467455002ef338e092ebf9" score = 65 quality = 85 @@ -348382,6 +348970,29 @@ rule SIGNATURE_BASE_SUSP_Obfuscted_Powershell_Code condition: #s1> 11 and #s2 > 10 and #s3 > 10 } +rule SIGNATURE_BASE_SUSP_Powershell_Caret_Obfuscation_2 +{ + meta: + description = "Detects powershell keyword obfuscated with carets" + author = "Florian Roth (Nextron Systems)" + id = "976e261a-029c-5703-835f-a235c5657471" + date = "2019-07-20" + modified = "2025-02-12" + reference = "Internal Research" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_obfuscation.yar#L43-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" + logic_hash = "0aa21df64d61cb299b0f77da8b97e8cfc379622a8092e71657c478519d83fd31" + score = 65 + quality = 31 + tags = "" + + strings: + $r1 = /p[\^]?o[\^]?w[\^]?e[\^]?r[\^]?s[\^]?h[\^]?e[\^]?l\^l/ ascii wide nocase fullword + $r2 = /p\^o[\^]?w[\^]?e[\^]?r[\^]?s[\^]?h[\^]?e[\^]?l[\^]?l/ ascii wide nocase fullword + + condition: + 1 of them +} rule SIGNATURE_BASE_SUSP_OBFUSC_Powershell_True_Jun20_1 : FILE { meta: 
@@ -348391,8 +349002,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Powershell_True_Jun20_1 : FILE date = "2020-06-27" modified = "2025-02-12" reference = "https://github.com/corneacristian/mimikatz-bypass/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_powershell_obfuscation.yar#L57-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_powershell_obfuscation.yar#L57-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8f33762e6e93fcf6b423b34eb1abefae2ae91b51048303947f7c1601823630d7" score = 75 quality = 85 @@ -348419,8 +349030,8 @@ rule SIGNATURE_BASE_Fareit_Trojan_Oct15 : FILE date = "2015-10-18" modified = "2023-12-05" reference = "http://goo.gl/5VYtlU" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_fareit.yar#L8-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_fareit.yar#L8-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ef47e81483d5edf67d489a9a35ce56667e293350534e780d7d93b1fbc5f7113a" score = 80 quality = 85 
@@ -348451,8 +349062,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkbit_Feb23_1 : FILE date = "2023-02-13" modified = "2023-12-05" reference = "https://twitter.com/idonaor1/status/1624703255770005506?s=12&t=mxHaauzwR6YOj5Px8cIeIw" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_darkbit_feb23.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_darkbit_feb23.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ba1baea7cb7362160c4b00b0355000a789b238c1ec82b840479c04028e6ca3ab" score = 75 quality = 85 @@ -348477,8 +349088,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkbit_Feb23_2 : FILE date = "2023-02-13" modified = "2023-12-05" reference = "https://www.hybrid-analysis.com/sample/9107be160f7b639d68fe3670de58ed254d81de6aec9a41ad58d91aa814a247ff?environmentId=160" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ransom_darkbit_feb23.yar#L25-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ransom_darkbit_feb23.yar#L25-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "577435536300902811612a3415e82420574c98345b91b21fb2bfd2bfde396bec" score = 75 quality = 85 
@@ -348505,8 +349116,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_1 date = "2022-12-22" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxynotshell_owassrf_dec22.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxynotshell_owassrf_dec22.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1e8f5a3440f8b4b1850fddbd19f63796ad0f28178c678e9f464b7e4ab5ca944f" score = 70 quality = 85 @@ -348532,8 +349143,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_2 date = "2022-12-22" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxynotshell_owassrf_dec22.yar#L24-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxynotshell_owassrf_dec22.yar#L24-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73ce86b7a673719c916666fa06963b774edad5b2cd804994614afd83ea75ecef" score = 60 quality = 60 
@@ -348559,8 +349170,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_3 date = "2022-12-22" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxynotshell_owassrf_dec22.yar#L47-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxynotshell_owassrf_dec22.yar#L47-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "607d3743a46e0c5000b9c7847dd89f5d7ccf29f4f1af9bce6870d7738f071f5c" score = 60 quality = 85 @@ -348586,8 +349197,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_Powershell_Proxy_Log_Dec22_1 : CVE_20 date = "2022-12-22" modified = "2023-01-26" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_proxynotshell_owassrf_dec22.yar#L68-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_proxynotshell_owassrf_dec22.yar#L68-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f2aac61bc17f74901ec8d638d5cfaaa45bbd2a4e40e5d915bf2a946daed411d2" score = 70 quality = 85 
@@ -348611,8 +349222,8 @@ rule SIGNATURE_BASE_PS_AMSI_Bypass : FILE date = "2017-07-19" modified = "2023-12-05" reference = "https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L4-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L4-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87188c6cbb7d89c25faafb297a7c0e52321c661c84cdefd5604785c687190fcd" score = 65 quality = 85 @@ -348634,8 +349245,8 @@ rule SIGNATURE_BASE_JS_Suspicious_Obfuscation_Dropbox date = "2017-07-19" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/887705105239343104" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L19-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L19-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "19d1dd25c4a5e18dca131709a64c3537278754ec9d67b0bb49bde9b1493d3dc7" score = 70 quality = 85 
@@ -348658,8 +349269,8 @@ rule SIGNATURE_BASE_JS_Suspicious_MSHTA_Bypass date = "2017-07-19" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/887705105239343104" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L35-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L35-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "df68cac0da19c5705353f26fc3f2a99556b7230f9d4f52e7a2e35cb48997b699" score = 70 quality = 85 @@ -348683,8 +349294,8 @@ rule SIGNATURE_BASE_Javascript_Run_Suspicious date = "2017-08-23" modified = "2023-12-05" reference = "https://twitter.com/craiu/status/900314063560998912" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L52-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L52-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "39d2292d3749c63780dc7ca7a2414ba02e2b0e1edec7ec6a16b42aba2c44c23a" score = 60 quality = 85 
@@ -348707,8 +349318,8 @@ rule SIGNATURE_BASE_Certutil_Decode_OR_Download : FILE date = "2017-08-29" modified = "2023-10-19" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L70-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L70-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5640dcfedc028cc40b0376d328758b504eb1ff860da94648b435eadb760d9724" score = 40 quality = 85 @@ -348736,8 +349347,8 @@ rule SIGNATURE_BASE_Suspicious_JS_Script_Content : FILE date = "2017-12-02" modified = "2023-12-05" reference = "Research on Leviathan https://goo.gl/MZ7dRg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L95-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L95-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1dbc1a266d710a70a77c81d5b872d0d324423250a9f34455faef53ac4c41b5f2" score = 70 quality = 85 
@@ -348763,8 +349374,8 @@ rule SIGNATURE_BASE_Universal_Exploit_Strings : FILE date = "2017-12-02" modified = "2023-12-05" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L114-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L114-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6436a1cf6d0acc3162ec99c95ef20b3e6dd110c77d5a0b26ac790551316c0a69" score = 50 quality = 85 @@ -348790,8 +349401,8 @@ rule SIGNATURE_BASE_VBS_Obfuscated_Mal_Feb18_1 : FILE date = "2018-02-12" modified = "2023-12-05" reference = "https://goo.gl/zPsn83" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_scripts.yar#L133-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_scripts.yar#L133-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0bbd388a3103744df2434956c2b7ac12dacd72f9041b4cc014d31eec4115aedd" score = 75 quality = 85 
@@ -348822,8 +349433,8 @@ rule SIGNATURE_BASE_APT_UTA028_Forensicartefacts_Paloalto_CVE_2024_3400_Apr24_1 date = "2024-04-15" modified = "2024-04-18" reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1261eecca520daa0619859a45d2289d2c23c73be55e1a3849d2032a38e137f4d" score = 70 quality = 85 @@ -348851,8 +349462,8 @@ rule SIGNATURE_BASE_EXPL_Paloalto_CVE_2024_3400_Apr24_1 : CVE_2024_3400 date = "2024-04-15" modified = "2025-03-21" reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L27-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L27-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ebc94a07b189a2d2dd252b5079fa494162739678fd2ca742e6877189a140da9" score = 70 quality = 85 
@@ -348877,8 +349488,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Base64_Download_Exec_Apr24 : SCRIPT date = "2024-04-18" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L48-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L48-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "90b7781812b4078550b0d66ba020b3bb0a8217f2de03492af98db6c619f31929" score = 75 quality = 85 @@ -348902,8 +349513,8 @@ rule SIGNATURE_BASE_SUSP_PY_Import_Statement_Apr24_1 date = "2024-04-15" modified = "2025-03-21" reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L67-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L67-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d5c199d9c3e449ca282f0ca91c94ac783709299b3489f7cec38177a2f843b504" score = 65 quality = 85 
@@ -348924,8 +349535,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Base64_Exec_Apr24 : SCRIPT CVE_2024_3400 FILE date = "2024-04-18" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L81-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L81-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e96fb7c8faac12c1f0210689f2b3a7903b42a543b97ddff11298e5ae13cae80b" score = 75 quality = 85 @@ -348951,8 +349562,8 @@ rule SIGNATURE_BASE_EXT_EXPL_ZTH_LNK_EXPLOIT_A : FILE date = "2025-03-18" modified = "2025-03-29" reference = "https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_lnk_zdi_can_25373.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_lnk_zdi_can_25373.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2c6a7f0abd62d3eef916352f984d1fcc721cfba4f5de9d159de8fd428c02b31" score = 75 quality = 85 
@@ -348980,8 +349591,8 @@ rule SIGNATURE_BASE_Coinminer_Strings : SCRIPT HIGHVOL FILE date = "2018-01-04" modified = "2021-10-26" reference = "https://minergate.com/faq/what-pool-address" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_cryptocoin_miner.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_cryptocoin_miner.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d63bf90560c83ab6c09e0c82b6a6449bca6e7e7d0945d3782c2fa9a726b2ca1" score = 60 quality = 85 @@ -349005,8 +349616,8 @@ rule SIGNATURE_BASE_Coinhive_Javascript_Monerominer : HIGHVOL FILE date = "2018-01-04" modified = "2023-12-05" reference = "https://coinhive.com/documentation/miner" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_cryptocoin_miner.yar#L20-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_cryptocoin_miner.yar#L20-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4146b034a9785f1bb7c60db62db0e478d960f2ac9adb7c5b74b365186578ca47" score = 50 quality = 85 
@@ -349028,8 +349639,8 @@ rule SIGNATURE_BASE_PUA_Cryptominer_Jan19_1 : FILE date = "2019-01-31" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_cryptocoin_miner.yar#L35-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_cryptocoin_miner.yar#L35-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7097d404e0317230a5f60fc66fbcb2a2a5315f8fd348a7e689aaf75c26684f9e" score = 80 quality = 85 @@ -349055,8 +349666,8 @@ rule SIGNATURE_BASE_PUA_Crypto_Mining_Commandline_Indicators_Oct21 : SCRIPT FILE date = "2021-10-24" modified = "2023-12-05" reference = "https://www.poolwatch.io/coin/monero" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/pua_cryptocoin_miner.yar#L54-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/pua_cryptocoin_miner.yar#L54-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7ae1a77d8ff02ec539ce2b8be668530c3f509f0c408dfa7f2b749b0a4d6f45b7" score = 65 quality = 85 
@@ -349091,8 +349702,8 @@ rule SIGNATURE_BASE_Dexter_Malware date = "2015-02-10" modified = "2023-12-05" reference = "http://goo.gl/oBvy8b" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_dexter_trojan.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_dexter_trojan.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3b05bccce63c1f7e8d6d3f654b611f33da5fc1dbcbd28ff28f817d00bf961e64" score = 70 quality = 60 @@ -349117,8 +349728,8 @@ rule SIGNATURE_BASE_Furtim_Nativedll : FILE date = "2016-06-13" modified = "2023-12-05" reference = "MISP 3971" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_furtim.yar#L8-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_furtim.yar#L8-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f9673cdd1e8e38f98b9625291a03011d5cfce78c689eab491ff189c4e039e1ef" score = 75 quality = 85 
@@ -349144,8 +349755,8 @@ rule SIGNATURE_BASE_Furtim_Parent_1 : FILE date = "2016-07-16" modified = "2023-12-05" reference = "https://sentinelone.com/blogs/sfg-furtims-parent/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_furtim.yar#L34-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_furtim.yar#L34-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab4c7ca5c887b2a2f2949a5a6fd0d623dad47d9c1f866fb43f7f8ec38dfa6a02" score = 75 quality = 85 @@ -349173,8 +349784,8 @@ rule SIGNATURE_BASE_MAL_Crime_Win32_Rat_Parallax_Shell_Bin : FILE date = "2020-05-05" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1257714191902937088" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_rat_parallax.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_rat_parallax.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6b8c71cc19ca6f066d27a4e58d9ec347ac51d245308f2c41adf2386242581610" score = 75 quality = 85 
@@ -349198,8 +349809,8 @@ rule SIGNATURE_BASE_Badrabbit_Gen : FILE date = "2017-10-25" modified = "2023-12-05" reference = "https://pastebin.com/Y7pJv3tK" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_badrabbit.yar#L11-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_badrabbit.yar#L11-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21c63a02d0284ce759b087f4869c4ed8e6b50c37ffeb724538567e28aeae16ac" score = 75 quality = 85 @@ -349237,8 +349848,8 @@ rule SIGNATURE_BASE_Badrabbit_Mimikatz_Comp : FILE date = "2017-10-25" modified = "2023-12-05" reference = "https://pastebin.com/Y7pJv3tK" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_badrabbit.yar#L42-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_badrabbit.yar#L42-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9d12d9331686a54e8d32f94761e4889710bbd2432d4cb2e4e7e3f21ef6aa082a" score = 75 quality = 85 
@@ -349264,8 +349875,8 @@ rule SIGNATURE_BASE_Brooxml_Hunting : HUNTING FILE date = "2024-11-27" modified = "2025-06-02" reference = "https://x.com/threatinsight/status/1861817946508763480" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_brooxml_dec24.yar#L2-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_brooxml_dec24.yar#L2-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a8d934fe9286c9d1c83a2a0676bb8a5f2501116b96cca32dc27136ecfb9325b" score = 70 quality = 85 @@ -349294,8 +349905,8 @@ rule SIGNATURE_BASE_Brooxml_Phishing : PHISHING FILE date = "2024-11-27" modified = "2025-06-02" reference = "https://x.com/threatinsight/status/1861817946508763480" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_brooxml_dec24.yar#L41-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_brooxml_dec24.yar#L41-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "884e0b65c6c8b916ca9bc28705134ae02d1705c13cf43bff78f0c9ada894b307" score = 65 quality = 85 
@@ -349317,8 +349928,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_LNK_Phishattachment_Pattern_Jun22_1 : FILE date = "2022-06-23" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_phish_attachments.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_phish_attachments.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ff398379e3d8112991eeacd99bf9d3bafbf3e9266f012d2539d6b2661d5969e" score = 65 quality = 85 @@ -349344,8 +349955,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_ISO_Phishattachment_Pattern_Jun22_1 : FILE date = "2022-06-23" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_phish_attachments.yar#L23-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_phish_attachments.yar#L23-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21de56d6209050b429c0cce82fd334d1b38a2a3727db5ead06f36fa9d503e193" score = 65 quality = 85 
@@ -349371,8 +349982,8 @@ rule SIGNATURE_BASE_SUSP_Archive_Phishing_Attachment_Characteristics_Jun22_1 : F date = "2022-06-29" modified = "2023-12-05" reference = "https://twitter.com/0xtoxin/status/1540524891623014400?s=12&t=IQ0OgChk8tAIdTHaPxh0Vg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_phish_attachments.yar#L43-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_phish_attachments.yar#L43-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "647044fa3b5cf6f0e9e738fa7b7d24f8918b7a7fb359342e1314d97b50debf87" score = 65 quality = 60 @@ -349478,8 +350089,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Strings : FILE date = "2019-06-25" modified = "2023-12-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt3_bemstour.yar#L1-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt3_bemstour.yar#L1-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a" logic_hash = "8aa7491b1dc3595f67ae1229d33f79261616b0f27485b7a27705db63a6111c07" score = 75 
@@ -349546,8 +350157,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Implant_Byte_Patch date = "2019-06-25" modified = "2023-12-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt3_bemstour.yar#L69-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt3_bemstour.yar#L69-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a" logic_hash = "08de2c885ccb24cb247efdcc06bbcbea144d652744b2d38aaa2aabfd341e4f91" score = 75 @@ -349578,8 +350189,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Implant_Command_Stack_Variable date = "2019-06-25" modified = "2023-12-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt3_bemstour.yar#L107-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt3_bemstour.yar#L107-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a" logic_hash = "36710db313a52db2a0c0af356e701d3a36e5597203e87fd7f8586d202738be33" score = 75 
@@ -349671,8 +350282,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_1 : FILE date = "2020-10-14" modified = "2023-12-05" reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_reddelta.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_reddelta.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1f2406563b863b8ccd0fd8d8d33c576c4b82dabb55a1e4fa8291859323389834" score = 75 quality = 85 @@ -349705,8 +350316,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_2 : FILE date = "2020-10-14" modified = "2023-12-05" reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_reddelta.yar#L31-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_reddelta.yar#L31-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "179265c0b2175bc3d2d581a69e50e9b8b9cc918a6fdc7bcef42fb163c49b077a" score = 75 quality = 85 
@@ -349738,8 +350349,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_3 : FILE date = "2020-10-14" modified = "2022-12-21" reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_cn_reddelta.yar#L59-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_cn_reddelta.yar#L59-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64402f6265f23abf7d6a711aa888c89386c1a754f12286b0efe5fd5d81f15b01" score = 75 quality = 85 @@ -349765,8 +350376,8 @@ rule SIGNATURE_BASE_MAL_ELF_Vpnfilter_1 : FILE date = "2018-05-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_vpnfilter.yar#L11-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_vpnfilter.yar#L11-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aff7b1f3d4afaf883c2702287ef7d6e13e01e80222ba336978d13deb21a93614" score = 75 quality = 85 
@@ -349796,8 +350407,8 @@ rule SIGNATURE_BASE_MAL_ELF_Vpnfilter_2 : FILE date = "2018-05-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_vpnfilter.yar#L33-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_vpnfilter.yar#L33-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "238ec4575fd8adbfa592e07b601313c71a08be8c776e78469aef8ad02e411798" score = 75 quality = 85 @@ -349822,8 +350433,8 @@ rule SIGNATURE_BASE_MAL_ELF_Vpnfilter_3 : FILE date = "2018-05-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_vpnfilter.yar#L50-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_vpnfilter.yar#L50-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71152b57f2d6040608febf32441e1899fdf2479335c26c1143ea58759e6d9094" score = 75 quality = 85 
@@ -349859,8 +350470,8 @@ rule SIGNATURE_BASE_SUSP_ELF_Tor_Client : FILE date = "2018-05-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_vpnfilter.yar#L80-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_vpnfilter.yar#L80-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2b67b32c5b8441c9b38e3bfeefa7f59c2767e29985adcba7d52e858847d37e47" score = 65 quality = 85 @@ -349885,8 +350496,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_1 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L56-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L56-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad8a7bb5a1d2065e3a573842fb37ee3c63b7695c18840f0c26d32e6ae3d99c6c" score = 75 quality = 85 
@@ -349907,8 +350518,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L69-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L69-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f5c50b340d628559799897a2ba79add7d126e3ecb2daeb365bc15d64796ccd2" score = 75 quality = 85 @@ -349932,8 +350543,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_NV_Link_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L85-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L85-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5eee9df368da3fc98c00a0f8c65a7f3bd5b812342082be58054b272b5bb03455" score = 75 quality = 85 
@@ -349955,8 +350566,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_Samples_May21_1 : FILE date = "2021-05-27" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L99-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L99-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "32d76bb1af76f0fc2afb76d9726bc8ec99c4be34c9d46cebab7356d8c68af11c" score = 85 quality = 85 @@ -349987,8 +350598,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_1 : FILE date = "2021-05-27" modified = "2025-03-20" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L130-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L130-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8199f309478e8ed3f03f75e7574a3e9bce09b4423bd7eb08bb5bff03af2b7c27" logic_hash = "034ea34eb34ea6de0c65b9a7fc9d16f108ef34cd75294b022371ac17789c3830" score = 85 
@@ -350018,8 +350629,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_PDF_Masq_May21_1 : FILE date = "2021-05-27" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L163-L182" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L163-L182" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8f1514648b2b797adfe3f8f5acb577c26707dfe1da942c9634be3d88a180a407" score = 70 quality = 35 @@ -350044,8 +350655,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Nativezone_Loader_May21_1 : FILE date = "2021-05-27" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L184-L204" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L184-L204" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a02fd6fcd7423781bbd2e4458bd61d28e16a5b1a73b1682e63db5c86d53c7da4" score = 85 quality = 85 
@@ -350072,8 +350683,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L206-L234" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L206-L234" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2a3829e704af2464639d07e8e7952669281e20cf2a7ac487d5d1eee021d08b35" score = 75 quality = 85 @@ -350106,8 +350717,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L236-L252" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L236-L252" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "18a52f5fd71455b8564d4b485c233dd358a304bfddc5e6fb604b8e5a2a1949a3" score = 75 quality = 85 
@@ -350132,8 +350743,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Stageless_Loader_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L254-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L254-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "850f6a1ad342fd5e4bb29c7bf90a032ddd8ac9d2eac5ffcbedf43e4d04b178f5" score = 75 quality = 85 @@ -350161,8 +350772,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_3 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L278-L300" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L278-L300" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "472acd1d6daf3480de59ecd3fa038d644e339dcc979cf7e56617eadc6cb32dc5" score = 75 quality = 85 
@@ -350191,8 +350802,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_4 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt29_nobelium_may21.yar#L302-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt29_nobelium_may21.yar#L302-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d5858cc6dab094d5dceab75a2002d9145537008241a08ac7bd399c9d6e6c270" score = 75 quality = 85 @@ -350219,8 +350830,8 @@ rule SIGNATURE_BASE_APT_UNC2447_MAL_SOMBRAT_May21_1 : FILE date = "2021-05-01" modified = "2023-01-07" reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc2447_sombrat.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc2447_sombrat.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f2572745cbd68c5f2be5c64b160d2513938daba6da57523012491acc63cfee4" score = 75 quality = 85 
@@ -350256,8 +350867,8 @@ rule SIGNATURE_BASE_APT_UNC2447_MAL_RANSOM_Hellokitty_May21_1 : FILE date = "2021-05-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc2447_sombrat.yar#L38-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc2447_sombrat.yar#L38-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "acc0ab5502d53c6e22c8650c29c5459a6106f33c398e4efcd963f54971a0c870" score = 75 quality = 85 @@ -350297,8 +350908,8 @@ rule SIGNATURE_BASE_APT_UNC2447_MAL_RANSOM_Hellokitty_May21_2 : FILE date = "2021-05-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc2447_sombrat.yar#L74-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc2447_sombrat.yar#L74-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1eee3a00ab3f70425d2b6bf5dc507155bf504b851ddb6515602d83d8b6a254b8" score = 75 quality = 85 
@@ -350329,8 +350940,8 @@ rule SIGNATURE_BASE_APT_UNC2447_PS1_WARPRISM_May21_1 : FILE date = "2021-05-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc2447_sombrat.yar#L101-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc2447_sombrat.yar#L101-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "09abac2be0f12d31dabfdae9e8a148a28887a2a5df003c7bcb56ba45f1c6a62c" score = 75 quality = 85 @@ -350357,8 +350968,8 @@ rule SIGNATURE_BASE_APT_UNC2447_BAT_Runner_May21_1 : FILE date = "2021-05-01" modified = "2023-01-07" reference = "https://www.fireeye.com/blog/threat-research/2021/04/unc2447-sombrat-and-fivehands-ransomware-sophisticated-financial-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc2447_sombrat.yar#L121-L135" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc2447_sombrat.yar#L121-L135" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f9872327f648e4421aa40ca3ce55df5d3eb5e8c5bc718ff62a3d4adac79217eb" score = 75 quality = 85 
@@ -350381,8 +350992,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Sindoor_ELF_Obfuscation_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt36_operation_sindoor.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt36_operation_sindoor.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6879a2b730e391964afe4dbbc29667844ba0c29239be5503b7c86e59e7052443" logic_hash = "c1258c1f6d4b49104bedf3fbef932f1775ede7d32191df2e5479ca9b291add9e" score = 70 @@ -350404,8 +351015,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Sindoor_Desktopfile_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt36_operation_sindoor.yar#L18-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt36_operation_sindoor.yar#L18-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9943bdf1b2a37434054b14a1a56a8e67aaa6a8b733ca785017d3ed8c1173ac59" logic_hash = "1549aac3132c5f3e73d984c3404a5530507e967df4ab6d5ccd408abc874a5306" score = 70 
@@ -350429,8 +351040,8 @@ rule SIGNATURE_BASE_MAL_Sindoor_Decryptor_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt36_operation_sindoor.yar#L36-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt36_operation_sindoor.yar#L36-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9a1adb50bb08f5a28160802c8f315749b15c9009f25aa6718c7752471db3bb4b" logic_hash = "4172fd9aee39a1a0681483f6dada6394debc62149a588ab4807e3016a823bed3" score = 80 @@ -350456,8 +351067,8 @@ rule SIGNATURE_BASE_MAL_Sindoor_Downloader_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt36_operation_sindoor.yar#L62-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt36_operation_sindoor.yar#L62-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "38b6b93a536cbab5c289fe542656d8817d7c1217ad75c7f367b15c65d96a21d4" logic_hash = "c55be65cd077cb04b625636dffcb02af74efa06bb49da734c8616da233a34d1a" score = 80 
@@ -350483,8 +351094,8 @@ rule SIGNATURE_BASE_LNK_Malicious_Nov1 : FILE date = "2017-11-06" modified = "2023-12-05" reference = "https://www.virustotal.com/en/file/ee069edc46a18698fa99b6d2204895e6a516af1a306ea986a798b178f289ecd6/analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_mal_link.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_mal_link.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a1aa29497a0e4741807e3d74d54be69061aed21524c5f901615bd21e2ef13c67" score = 60 quality = 81 @@ -350514,8 +351125,8 @@ rule SIGNATURE_BASE_Teledoor_Backdoor : FILE date = "2017-07-05" modified = "2023-12-05" reference = "https://goo.gl/CpfJQQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_teledoor.yar#L11-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_teledoor.yar#L11-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "785360fa19a61a547309fc7a8968c94d4887be001c6a66b41c7adb9dcd13cb82" score = 75 quality = 85 
@@ -350542,8 +351153,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_1 : FILE date = "2023-11-25" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc3886_virtualpita.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc3886_virtualpita.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "7641f964cc4a7671a9a3438aad1c653ef3fda3887313846cbe838b275a098190" score = 60 @@ -350565,8 +351176,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc3886_virtualpita.yar#L17-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc3886_virtualpita.yar#L17-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "56a3e1b13f0955a780f882e62003f721e409a1fdf61120dd295941605dbf21a4" score = 75 
@@ -350588,8 +351199,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_3 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc3886_virtualpita.yar#L30-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc3886_virtualpita.yar#L30-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "6f44d516b3cbe54542ae0991aad49274fc4728570e9498b319fc98840ceb7d7d" score = 75 @@ -350611,8 +351222,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_4 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc3886_virtualpita.yar#L43-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc3886_virtualpita.yar#L43-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "aaf2ff682c619d2a254fe069d477654a161658db6315239f1b956141b6a72c01" score = 75 
@@ -350634,12 +351245,12 @@ rule SIGNATURE_BASE_M_Hunting_Python_Backdoor_Commandparser_1 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc3886_virtualpita.yar#L57-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc3886_virtualpita.yar#L57-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "61ab3f6401d60ec36cd3ac980a8deb75" logic_hash = "eefc255079e914ac81d53baf4ae159052bfda4c670e8300306c0899b3ad00a48" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -350662,8 +351273,8 @@ rule SIGNATURE_BASE_LOG_F5_BIGIP_Exploitation_Artefacts_CVE_2021_22986_Mar21_1 : date = "2021-03-20" modified = "2023-12-05" reference = "https://research.nccgroup.com/2021/03/18/rift-detection-capabilities-for-recent-f5-big-ip-big-iq-icontrol-rest-api-vulnerabilities-cve-2021-22986/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_f5_bigip_cve_2021_22986_log.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_f5_bigip_cve_2021_22986_log.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "748bb429d4a086e2890773558ea502ef06f507aed5f0f70470e2cd97a3fd5007" score = 80 quality = 85 
@@ -350685,8 +351296,8 @@ rule SIGNATURE_BASE_Casper_Backdoor_X86 : FILE date = "2015-03-05" modified = "2023-01-27" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_casper.yar#L4-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_casper.yar#L4-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f4c39eddef1c7d99283c7303c1835e99d8e498b0" logic_hash = "027457a3d86c0a7924fd6eb09c4a753cc846ba45f0b04257d9eec396bbc27f75" score = 80 @@ -350721,8 +351332,8 @@ rule SIGNATURE_BASE_Casper_EXE_Dropper date = "2015-03-05" modified = "2023-12-05" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_casper.yar#L37-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_casper.yar#L37-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e4cc35792a48123e71a2c7b6aa904006343a157a" logic_hash = "8ffba5598078fdadf2d9e8ee7fe0fef8b3b89517490a379d46cab33cd0036d6e" score = 80 
@@ -350752,8 +351363,8 @@ rule SIGNATURE_BASE_Casper_Included_Strings : FILE date = "2015-03-06" modified = "2023-12-05" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_casper.yar#L60-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_casper.yar#L60-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8796f45e459747db6bc08f362db7b152242f9f5bda3b72ddfc739cc9dcdfc55f" score = 50 quality = 85 @@ -350783,8 +351394,8 @@ rule SIGNATURE_BASE_Casper_Systeminformation_Output date = "2015-03-06" modified = "2023-12-05" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_casper.yar#L85-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_casper.yar#L85-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "83c6216bc3e7fadfe81b9bbaca7b14e3398e972f8298c99a8eb576a40e4b4e1b" score = 70 quality = 85 
@@ -350812,8 +351423,8 @@ rule SIGNATURE_BASE_APT30_Generic_H : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4affe7dc01efc4d6c25aaae4679bc1f8fddd97794e351d30501eaeb8e1d1dea" score = 75 quality = 85 @@ -350839,8 +351450,8 @@ rule SIGNATURE_BASE_APT30_Sample_2 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0359ffbef6a752ee1a54447b26e272f4a5a35167" logic_hash = "e34dbb90fc868b0619d3d2aa1b6176252836a6ae72e6f52b1eba632054f7c272" score = 75 
@@ -350867,8 +351478,8 @@ rule SIGNATURE_BASE_APT30_Sample_3 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L47-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L47-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d0320144e65c9af0052f8dee0419e8deed91b61b" logic_hash = "ee61ec1fdf27fa21bcc235fce0ab8dc74968b39a747648ce828fb4826cf1d234" score = 75 @@ -350895,8 +351506,8 @@ rule SIGNATURE_BASE_APT30_Generic_C : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L66-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L66-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b969565eac3b6f548318aae4edc8d8851f522a6c263bcaf2a466ff0ca9af78a4" score = 75 quality = 85 
@@ -350928,8 +351539,8 @@ rule SIGNATURE_BASE_APT30_Sample_4 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L90-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L90-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "75367d8b506031df5923c2d8d7f1b9f643a123cd" logic_hash = "ec9542acb583bd5812d561bea70e89e0fcddc1eaef14d3ea5b8ad29711ed17ae" score = 75 @@ -350957,8 +351568,8 @@ rule SIGNATURE_BASE_APT30_Sample_5 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L110-L127" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L110-L127" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1a2dd2a0555dc746333e7c956c58f7c4cdbabd4b" logic_hash = "3738076d97bf19404bad20c2419eae83dd2b65400d5bd135ffe73362c008de9b" score = 75 
@@ -350985,8 +351596,8 @@ rule SIGNATURE_BASE_APT30_Sample_6 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L129-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L129-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "00e69b059ad6b51b76bc476a115325449d10b4c0" logic_hash = "139719139056f575967629f0153e0a05239bc26f61f6d4324cfb6a816518c3df" score = 75 @@ -351010,8 +351621,8 @@ rule SIGNATURE_BASE_APT30_Sample_7 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L145-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L145-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "868d1f4c106a08bd2e5af4f23139f0e0cd798fba" logic_hash = "f7922d795bc92714a9ef4861bc9c4ac9921a73749e3aa1d5f7dbc3c991fe7145" score = 75 
@@ -351039,8 +351650,8 @@ rule SIGNATURE_BASE_APT30_Generic_E : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L165-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L165-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5ccf1f1334dc300d13aa8dbc080d2d839815d102958fde2b8709c11f522412fd" score = 75 quality = 85 @@ -351068,8 +351679,8 @@ rule SIGNATURE_BASE_APT30_Sample_8 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L185-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L185-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9531e21652143b8b129ab8c023dc05fef2a17cc3" logic_hash = "bff21d517e97d2b13dff2b5ebc9a5b82b8f7635943c89f992b41d269623cd498" score = 75 
@@ -351095,8 +351706,8 @@ rule SIGNATURE_BASE_APT30_Generic_B : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L203-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L203-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "527c823607836f138369224b7d8d492d36d9ab7a150e64fd5ebbaf99538d6d53" score = 75 quality = 85 @@ -351125,8 +351736,8 @@ rule SIGNATURE_BASE_APT30_Generic_I : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L224-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L224-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e6f0edcbf6e0590c8b4a558142053d5938e86d13d65787f02336dc2a173d5963" score = 75 quality = 85 
@@ -351152,8 +351763,8 @@ rule SIGNATURE_BASE_APT30_Sample_9 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L242-L263" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L242-L263" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "442bf8690401a2087a340ce4a48151c39101652f" logic_hash = "0c5465bdafcbca02f855a0cba1fbb4c19d8d21b714dbe777b942dcd1a7acb257" score = 75 @@ -351184,8 +351795,8 @@ rule SIGNATURE_BASE_APT30_Sample_10 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L264-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L264-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "eb518cda3c4f4e6938aaaee07f1f7db8ee91c901" logic_hash = "5a6bd8223fbce133bd11b903edfd7f8ff5a436e26a47c048a5ac606ad4a0b564" score = 75 
@@ -351214,8 +351825,8 @@ rule SIGNATURE_BASE_APT30_Sample_11 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L285-L312" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L285-L312" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "59066d5d1ee3ad918111ed6fcaf8513537ff49a6" logic_hash = "5e86b53591caa7c783a946205a3d04f91c71294d844e6f6ee88c3bc78e603ea0" score = 75 @@ -351252,8 +351863,8 @@ rule SIGNATURE_BASE_APT30_Sample_12 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L314-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L314-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b02b5720ff0f73f01eb2ba029a58b645c987c4bc" logic_hash = "997c91267f956bd7d2a7edca9817ebc80bbf1eed944b3bc01cc8bb01927deb1e" score = 75 
@@ -351278,8 +351889,8 @@ rule SIGNATURE_BASE_APT30_Sample_13 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L331-L349" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L331-L349" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a359f705a833c4a4254443b87645fd579aa94bcf" logic_hash = "cd5285e8b78493b64704cec21c13d0a017d66936aa8356cfea2aa77c6f87b9e7" score = 75 @@ -351307,8 +351918,8 @@ rule SIGNATURE_BASE_APT30_Sample_14 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L351-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L351-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b0740175d20eab79a5d62cdbe0ee1a89212a8472" logic_hash = "e5f352b1aa643b9508c01bbe921197ebd8992ec94036b869c55970f0177164d3" score = 75 
@@ -351334,8 +351945,8 @@ rule SIGNATURE_BASE_APT30_Sample_15 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L369-L387" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L369-L387" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7a8576804a2bbe4e5d05d1718f90b6a4332df027" logic_hash = "5179f39bdcb064f55479ad147a019dd0b3874783c6bad650e84cfd9d0430bb70" score = 75 @@ -351363,8 +351974,8 @@ rule SIGNATURE_BASE_APT30_Sample_16 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L389-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L389-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "066d06ac08b48d3382d46bbeda6ad411b6d6130e" logic_hash = "59ea90ac0590bd87a48fabf1a3fa7ece31560b980b738a34227937bbf82a1c55" score = 75 
@@ -351392,8 +352003,8 @@ rule SIGNATURE_BASE_APT30_Generic_A : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L409-L429" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L409-L429" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c20660a8a55c6c6cb058fb233e0b29e1e4be2683181dbdfb06e17037d0ed8c31" score = 75 quality = 85 @@ -351423,8 +352034,8 @@ rule SIGNATURE_BASE_APT30_Sample_17 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L431-L445" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L431-L445" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c3aa52ff1d19e8fc6704777caf7c5bd120056845" logic_hash = "43913151325fbce993dbfec0acf64ca835b12270c47156ae81b0ce4f32c7bde1" score = 75 
@@ -351448,8 +352059,8 @@ rule SIGNATURE_BASE_APT30_Sample_18 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L446-L466" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L446-L466" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "355436a16d7a2eba8a284b63bb252a8bb1644751" logic_hash = "d20f1d1b7b43defc36c7b1f99f14ed9e73e770b6f43d0ad92110cf9178b35b15" score = 75 @@ -351479,8 +352090,8 @@ rule SIGNATURE_BASE_APT30_Generic_G : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L468-L489" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L468-L489" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1612b392d6145bfb0c43f8a48d78c75f" hash = "53f1358cbc298da96ec56e9a08851b4b" hash = "c2acc9fc9b0f050ec2103d3ba9cb11c0" 
@@ -351511,8 +352122,8 @@ rule SIGNATURE_BASE_APT30_Sample_19 : FILE date = "2015-04-03" modified = "2023-01-06" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L491-L517" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L491-L517" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cfa438449715b61bffa20130df8af778ef011e15" logic_hash = "9127ae31c5b818a2759f9d33c74c8631079539e7fa8e49e5514b016df2624065" score = 75 @@ -351546,8 +352157,8 @@ rule SIGNATURE_BASE_APT30_Generic_E_V2 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L519-L535" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L519-L535" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "eca53a9f6251ddf438508b28d8a483f91b99a3fd" logic_hash = "25a7e5780f56b4f9cfb76494926c446a39a88bef2cda82b31e6de2b85c5edbda" score = 75 
@@ -351573,8 +352184,8 @@ rule SIGNATURE_BASE_APT30_Sample_20 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L537-L557" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L537-L557" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b1c37632e604a5d1f430c9351f87eb9e8ea911c0" logic_hash = "f94cbd4b8e7ba302db9ac4ef3617bd68aa0aa1ee3cfc6dfee4621223bbdae3c5" score = 75 @@ -351604,8 +352215,8 @@ rule SIGNATURE_BASE_APT30_Sample_21 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L559-L575" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L559-L575" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d315daa61126616a79a8582145777d8a1565c615" logic_hash = "e3e431bb6915d99b8aa1915419b60ba47372005b9b4994a924746a91bad80310" score = 75 
@@ -351631,8 +352242,8 @@ rule SIGNATURE_BASE_APT30_Sample_22 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L577-L595" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L577-L595" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0d17a58c24753e5f8fd5276f62c8c7394d8e1481" logic_hash = "88a45d248eba7b9776e2e7d345d2948e00a94a7e359acb89d1943be55ab342ad" score = 75 @@ -351660,8 +352271,8 @@ rule SIGNATURE_BASE_APT30_Generic_F : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L597-L615" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L597-L615" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4997b52e0cc12a1a0c84cec3565dd9e6b486ccef4eb8791c566c7a534d36e3ff" score = 75 quality = 85 
@@ -351689,8 +352300,8 @@ rule SIGNATURE_BASE_APT30_Sample_23 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L617-L637" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L617-L637" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9865e24aadb4480bd3c182e50e0e53316546fc01" logic_hash = "64ff048b061431e0834ac40bfccb0d9e8ca60ffb022578ef910e6ffc511be6ed" score = 75 @@ -351720,8 +352331,8 @@ rule SIGNATURE_BASE_APT30_Sample_24 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L639-L658" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L639-L658" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "572caa09f2b600daa941c60db1fc410bef8d1771" logic_hash = "9d550fd0225f1c4e3b16ae53648644d7bb5c80e99e2a1a3d199e51c7219c2e94" score = 75 
@@ -351750,8 +352361,8 @@ rule SIGNATURE_BASE_APT30_Sample_25 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L660-L679" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L660-L679" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "44a21c8b3147fabc668fee968b62783aa9d90351" logic_hash = "86945188f888762ae585463df7cfb6e5fed30d0fcfcca4e642aedf07a0193ae7" score = 75 @@ -351780,8 +352391,8 @@ rule SIGNATURE_BASE_APT30_Sample_26 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L681-L700" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L681-L700" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e26588113417bf68cb0c479638c9cd99a48e846d" logic_hash = "b585687c071dc2dddb888906f47b7af6bc7683e902d3afb42364896e800fac5c" score = 75 
@@ -351810,8 +352421,8 @@ rule SIGNATURE_BASE_APT30_Generic_D : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L702-L725" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L702-L725" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ff39fc7643441652ec0cdf2f84c7827d326ddb5f01451b3857cfc4015eb01467" score = 75 quality = 85 @@ -351844,8 +352455,8 @@ rule SIGNATURE_BASE_APT30_Sample_27 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L727-L746" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L727-L746" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "959573261ca1d7e5ddcd19447475b2139ca24fe1" logic_hash = "5ef0661c5c04f0f0923548509363971011194a16e4308fcfdea5db90e85518a4" score = 75 
@@ -351874,8 +352485,8 @@ rule SIGNATURE_BASE_APT30_Sample_28 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L748-L776" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L748-L776" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d246a188ad9ec69948bef6018bab1e7a244c76dcf511c3f9d16024ef7e369ae2" score = 75 quality = 85 @@ -351913,8 +352524,8 @@ rule SIGNATURE_BASE_APT30_Sample_29 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L778-L798" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L778-L798" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "44492c53715d7c79895904543843a321491cb23a" logic_hash = "7a59118ba00413961e6fc4d54680373d033a38d698613f853f67137b85c123a7" score = 75 
@@ -351944,8 +352555,8 @@ rule SIGNATURE_BASE_APT30_Sample_30 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L800-L817" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L800-L817" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3b684fa40b4f096e99fbf535962c7da5cf0b4528" logic_hash = "5ecfc8d53b768f624c8765f70708bfaae5396d7aa6b0335f7c656f4350649c5d" score = 75 @@ -351972,8 +352583,8 @@ rule SIGNATURE_BASE_APT30_Sample_31 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L819-L836" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L819-L836" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8b4271167655787be1988574446125eae5043aca" logic_hash = "003bfa9774d3e85829cc266d06417b86287986994995adfa7a2bd26c3648c07e" score = 75 
@@ -352000,8 +352611,8 @@ rule SIGNATURE_BASE_APT30_Generic_J : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L838-L869" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L838-L869" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7c404689b60fe493ca9b503902173ac04d7bb00488edec9e69006e6d51e20c51" score = 75 quality = 85 @@ -352042,8 +352653,8 @@ rule SIGNATURE_BASE_APT30_Microfost : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L871-L885" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L871-L885" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "57169cb4b8ef7a0d7ebd7aa039d1a1efd6eb639e" logic_hash = "1fe5be3a88859fd3d485adfba92cf117afedc739bd0a46c039124919c3b81361" score = 75 
@@ -352067,8 +352678,8 @@ rule SIGNATURE_BASE_APT30_Generic_K : FILE date = "2015-04-03" modified = "2023-01-06" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L887-L917" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L887-L917" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "142bc01ad412799a7f9ffed994069fecbd5a2f93" logic_hash = "eed03bb4290eef0ad1cf362a157923aa1fb8faa9305b5aaba3563d0a4e65e1a5" score = 75 @@ -352105,8 +352716,8 @@ rule SIGNATURE_BASE_APT30_Sample_33 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L919-L939" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L919-L939" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "72c568ee2dd75406858c0294ccfcf86ad0e390e4" logic_hash = "295c2d9fcf1c3bab54650fd1d203dfb8c12269945aad8927066ef6f815abea69" score = 75 
@@ -352136,8 +352747,8 @@ rule SIGNATURE_BASE_APT30_Sample_34 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L941-L960" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L941-L960" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "216868edbcdd067bd2a9cce4f132d33ba9c0d818" logic_hash = "2406f9613585669f88c389ea9729a089f6aef13fba46d60b713f51cd3a946b5d" score = 75 @@ -352166,8 +352777,8 @@ rule SIGNATURE_BASE_APT30_Sample_35 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L962-L977" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L962-L977" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "df48a7cd6c4a8f78f5847bad3776abc0458499a6" logic_hash = "a70d9471215ddcfe84a39b33f53c4114b205aa2cc95cd93081afe442ee2b8b42" score = 75 
@@ -352192,8 +352803,8 @@ rule SIGNATURE_BASE_APT30_Sample_1 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L979-L996" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L979-L996" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8cea83299af8f5ec6c278247e649c9d91d4cf3bc" logic_hash = "5f20b60b8721d62731708630a3443741c956304c553f651572282336995f6d4f" score = 75 @@ -352220,8 +352831,8 @@ rule SIGNATURE_BASE_APT30_Generic_1 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L998-L1031" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L998-L1031" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a2d4e8583286a3f44b49dc902143ee1ea321d26275c6cbcd54876e94b8cd2a3" score = 75 quality = 85 
@@ -352264,8 +352875,8 @@ rule SIGNATURE_BASE_APT30_Generic_2 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1032-L1087" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1032-L1087" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "56c9e58298c318b6dff2cce0ab896bb7bdd22429e6015b8fe72b8ad2f1f69d30" score = 75 quality = 85 @@ -352330,8 +352941,8 @@ rule SIGNATURE_BASE_APT30_Generic_4 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1110-L1140" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1110-L1140" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d6a45baee2741c5ebb05fc3f17974a041cd37f665df1e67934b0928fc75f37c3" score = 75 quality = 85 
@@ -352371,8 +352982,8 @@ rule SIGNATURE_BASE_APT30_Generic_5 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1142-L1163" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1142-L1163" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a9d93d7dbf8c5e97ce77cf3fef4941a01c5b1c6bcee40c6f4ca7117d8aee289e" score = 75 quality = 85 @@ -352403,8 +353014,8 @@ rule SIGNATURE_BASE_APT30_Generic_6 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1165-L1186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1165-L1186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ff7473e43e11e31fe6ad997009834f661a0120317e479184410456c99f72b613" score = 75 quality = 85 
@@ -352435,8 +353046,8 @@ rule SIGNATURE_BASE_APT30_Generic_7 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1188-L1206" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1188-L1206" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5a272cbeb46be9b120acdbe12d795eddc05765777e4157d818c2b91ea7b782b" score = 75 quality = 85 @@ -352464,8 +353075,8 @@ rule SIGNATURE_BASE_APT30_Generic_8 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1207-L1232" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1207-L1232" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2c240d2a35ce3d621d108d03d4e720ddf86e248047fb4dd7f9724e64020caa7f" score = 75 quality = 85 
@@ -352500,8 +353111,8 @@ rule SIGNATURE_BASE_APT30_Generic_9 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt30_backspace.yar#L1234-L1255" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt30_backspace.yar#L1234-L1255" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0b30c2f0bd654371bf3ac4f9d4e700e1544b62a6c0a072d506160c443fc5fe9d" score = 75 quality = 85 @@ -352532,11 +353143,11 @@ rule SIGNATURE_BASE_SUSP_Obfuscated_JS_Obfuscatorio : HIGHVOL FILE date = "2021-08-25" modified = "2023-12-05" reference = "https://obfuscator.io" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_susp_js_obfuscatorio.yar#L1-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_susp_js_obfuscatorio.yar#L1-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "813df8459e4a53a084dc1f902713af74747a0c2f4ef535e682de38acba9b0e5e" score = 50 - quality = 60 + quality = 85 tags = "HIGHVOL, FILE" strings: 
@@ -352564,8 +353175,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen1 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L12-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L12-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "17dbf53ba6e27b230e3357963162a1805c6460cdadce8bba68953a97f699e1b7" score = 75 quality = 85 @@ -352621,8 +353232,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal1 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L69-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L69-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5fc4329bb639765890c49907860883b96d278381b83307c906f624e6645dedd" score = 75 quality = 85 
@@ -352649,8 +353260,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen2 : FILE date = "2016-10-12" modified = "2023-01-07" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L88-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L88-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "861ae1696aaa89c81d04214e67d77d98ae85bd7f64ae2979fbe932dc696fd32c" score = 75 quality = 85 @@ -352681,8 +353292,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen3 : FILE date = "2016-10-12" modified = "2023-01-07" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L112-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L112-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ccc110b04ea3ee9a19ff23babbc759b4ec6114f8b5eb4f42bc5f70f8abde8a53" score = 75 quality = 85 
@@ -352708,8 +353319,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal2 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L131-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L131-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b1de7dc3c205c78825f52ea30608b10bafa2c486db53693aa90aa07138fb1a87" score = 75 quality = 85 @@ -352737,8 +353348,8 @@ rule SIGNATURE_BASE_Oilrig_Campaign_Reconnaissance : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L151-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L151-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "04c9f482c0c4abc1bf316459dc3085154defadb0fd5fe74ff274d8b3ee807b7f" score = 75 quality = 85 
@@ -352763,8 +353374,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal3 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L168-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L168-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "62a6f6c4e574a3c577f0b1fdd85eaa3e775a7ae0e457c59a6b6f741ad895e510" score = 75 quality = 85 @@ -352790,8 +353401,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Nov17_13 : FILE date = "2017-11-22" modified = "2023-12-05" reference = "https://twitter.com/ClearskySec/status/933280188733018113" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L185-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L185-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eab15229f084681b27cec7ed959ef4cd1193a0b38aaed4341dcd6761e2505804" score = 75 quality = 85 
@@ -352817,8 +353428,8 @@ rule SIGNATURE_BASE_Oilrig_Intelsecuritymanager_Macro : FILE date = "2018-01-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L208-L233" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L208-L233" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "35e540b87bb7425b601fad76f0ff33c60a4d91579fc50f5902d708d06fa755f6" score = 75 quality = 85 @@ -352852,8 +353463,8 @@ rule SIGNATURE_BASE_Oilrig_Intelsecuritymanager : FILE date = "2018-01-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L235-L255" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L235-L255" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "97debd5e74730e22133f29c89a0cf049862459c24d1b46634a973908040db3a7" score = 75 quality = 85 
@@ -352883,8 +353494,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_1 date = "2019-04-17" modified = "2023-12-05" reference = "https://twitter.com/0xffff0800/status/1118406371165126656" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L267-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L267-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "afe203fdfcc9dcafb170bee972d45e66e5483a777112a00fa30516dfe81bbf88" score = 75 quality = 85 @@ -352909,8 +353520,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_2 date = "2019-04-17" modified = "2023-12-05" reference = "https://twitter.com/0xffff0800/status/1118406371165126656" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L285-L304" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L285-L304" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "57c8f02ebfb05f739fc4791a88be4a981ce7b89e2bd283669f85aae1a5c14d02" score = 75 quality = 85 
@@ -352938,8 +353549,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_3 date = "2019-04-17" modified = "2023-01-06" reference = "https://twitter.com/0xffff0800/status/1118406371165126656" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_oilrig.yar#L306-L326" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_oilrig.yar#L306-L326" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "77ba71a59d6026c4b393bc66af586066e11b0c496367a38d847396a23b3dffbe" score = 75 quality = 85 @@ -352968,8 +353579,8 @@ rule SIGNATURE_BASE_Windivert_Driver : FILE date = "2017-10-02" modified = "2023-12-05" reference = "https://www.reqrypt.org/windivert.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_pua.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_pua.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "db2933396e015e906114bd04f75a5b5caf0564494224f533a6e00c1fa5421568" score = 40 quality = 85 
@@ -352997,8 +353608,8 @@ rule SIGNATURE_BASE_SUSP_VEST_Encryption_Core_Accumulator_Jan21 : FILE date = "2021-01-28" modified = "2023-12-05" reference = "https://twitter.com/ochsenmeier/status/1354737155495649280" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_jan21.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_jan21.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "41fe42b2f2b5fb54b7ff19b74a35aadd928be9a3c7280ee9feffc4a142924b07" score = 70 quality = 85 @@ -353029,8 +353640,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Ivanti_EPMM_Mobileiron_Core_CVE_2023_35078_Jul23_1 date = "2023-07-25" modified = "2023-12-05" reference = "Ivanti Endpoint Manager Mobile (EPMM) CVE-2023-35078 - Analysis Guidance" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ebc59032b7450aa438ca30170560c95550cda6ff7774b8ce1486309716da9e6c" score = 75 quality = 60 
@@ -353051,8 +353662,8 @@ rule SIGNATURE_BASE_MAL_WAR_Ivanti_EPMM_Mobileiron_Mi_War_Aug23 : CVE_2023_35078 date = "2023-08-01" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L16-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L16-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0083727e34118d628c8507459bfb7f949f11af8197e201066e29e263e2c3f944" score = 85 quality = 85 @@ -353075,8 +353686,8 @@ rule SIGNATURE_BASE_MAL_WAR_Ivanti_EPMM_Mobileiron_Logclear_JAVA_Aug23 : CVE_202 date = "2023-08-01" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L34-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L34-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c42c2eca784d7089aab56addca11bad658a4a6c34a81ae823bd0c3dad41a1c99" score = 80 quality = 85 
@@ -353102,8 +353713,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Xsltransform_Aug21 : FILE date = "2020-02-23" modified = "2023-12-05" reference = "https://gist.github.com/JohnHammond/cdae03ca5bc2a14a735ad0334dcb93d6" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/webshell_xsl_transform.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/webshell_xsl_transform.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3ac0b50adc4c56769d0248e213e9426a22e0f5086bf081da57f835ff1c77b716" score = 75 quality = 85 @@ -353129,8 +353740,8 @@ rule SIGNATURE_BASE_APT34_Malware_HTA : FILE date = "2017-12-07" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt34.yar#L12-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt34.yar#L12-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0bf9b988b3ef46df29e0f91c3ea186aaab8a1ccb79563e97521311bf2e1215d7" score = 75 quality = 85 
@@ -353159,8 +353770,8 @@ rule SIGNATURE_BASE_APT34_Malware_Exeruner : FILE date = "2017-12-07" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt34.yar#L34-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt34.yar#L34-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "71840d9a0f8a5dc39656e6bf1ad94fa275bcd18baf6b374dfe040c161d62a960" score = 75 quality = 85 @@ -353195,8 +353806,8 @@ rule SIGNATURE_BASE_APT_LNX_Academic_Camp_May20_Eraser_1 : FILE date = "2020-05-16" modified = "2023-12-05" reference = "https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_academic_data_centers_camp_may20.yar#L1-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_academic_data_centers_camp_may20.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a0410e86fa8fb8b599e5b8a6508d6889eb6e26600f0ecf222561ac4a169676d" score = 75 quality = 85 
@@ -353221,8 +353832,8 @@ rule SIGNATURE_BASE_APT_LNX_Academic_Camp_May20_Loader_1 : FILE date = "2020-05-16" modified = "2023-12-05" reference = "https://csirt.egi.eu/academic-data-centers-abused-for-crypto-currency-mining/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_academic_data_centers_camp_may20.yar#L20-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_academic_data_centers_camp_may20.yar#L20-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a73883f9fdf3d53694d9f9efec5f8f15994c5fd80c5f2a87b1741db6b954a023" score = 75 quality = 85 @@ -353246,8 +353857,8 @@ rule SIGNATURE_BASE_B374K_Back_Connect : FILE date = "2016-08-18" modified = "2023-12-05" reference = "Internal Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_b374k_extra.yar#L8-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_b374k_extra.yar#L8-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd89aefb6c1add44bfe2a706cd161a16f36a649f910ace16b641a7836525aa73" score = 80 quality = 85 
@@ -353272,11 +353883,11 @@ rule SIGNATURE_BASE_Chinachopper_Generic : FILE date = "2015-03-10" modified = "2022-10-27" reference = "https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_webshell_chinachopper.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_webshell_chinachopper.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "34cb81b077d6dae5b4565001b2ab28897c6c554f00aa102601fb9c416c6c0f09" score = 75 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" @@ -353298,8 +353909,8 @@ rule SIGNATURE_BASE_Projectm_Darkcomet_1 : FILE date = "2016-03-26" modified = "2023-01-27" reference = "http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_project_m.yar#L10-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_project_m.yar#L10-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cc488690ce442e9f98bac651218f4075ca36c355d8cd83f7a9f5230970d24157" logic_hash = "81ffaa382bb6f817fe2917a096a3eee49d2e8c281271da551ccd65679692712f" score = 75 
@@ -353327,8 +353938,8 @@ rule SIGNATURE_BASE_Projectm_Crimsondownloader : FILE date = "2016-03-26" modified = "2023-12-05" reference = "http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_project_m.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_project_m.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "dc8bd60695070152c94cbeb5f61eca6e4309b8966f1aa9fdc2dd0ab754ad3e4c" logic_hash = "3c9a4f5aca4c9fc26d371027a32e349a456ef25d6b403a66b9afb1ee19dd4d00" score = 75 @@ -353356,8 +353967,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Royalcli : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L13-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L13-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27fb5e8ff299201d1d13f4a45c401570f76ddfa4c3c1153eff50187170ada06e" score = 75 quality = 85 
@@ -353387,8 +353998,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Royaldns : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L34-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L34-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d42f48d7d816c0b0ea05145e9dd43b1b2589f3131bf286e1b39c0efaf1c6fac" score = 75 quality = 85 @@ -353418,8 +354029,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_BS2005 : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L61-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L61-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "306903da4ecc9f5bf670d8c49039dee0ce5500c185acaef74786a2c109a4734b" score = 75 quality = 85 
@@ -353450,8 +354061,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Msexchangetool : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L89-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L89-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4e9e29bc69383ab6248241622394afddde6e18032ed6e2b64575362773f25a94" score = 75 quality = 85 @@ -353478,8 +354089,8 @@ rule SIGNATURE_BASE_Clean_Apt15_Patchedcmd : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L118-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L118-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "90d1f65cfa51da07e040e066d4409dc8a48c1ab451542c894a623bc75c14bf8f" logic_hash = "08a68e14793d2f44ee75e49a43521c7d8bc1fc5ddd005e1fb71cc844966e16ba" score = 75 
@@ -353504,8 +354115,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royalcli_1 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L133-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L133-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6df9b712ff56009810c4000a0ad47e41b7a6183b69416251e060b5c80cd05785" logic_hash = "3cc0cd81db58e20fbf31fbd9fe65d113b7160e7d2b6739c01987d9e317099b9b" score = 75 @@ -353536,8 +354147,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royalcli_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L154-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L154-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c57ae92ba84355652cd56c8eaad3f277a8f514f8d078f053f3e8208b8bec535f" score = 75 quality = 85 
@@ -353562,8 +354173,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royaldll date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L196-L243" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L196-L243" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d" logic_hash = "2ed0d38993a072da189f02233bd7cc0bf1be02e926f687db224f52de9b3a44fc" score = 75 @@ -353593,8 +354204,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royaldll_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L245-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L245-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d" logic_hash = "94e2b61ff19b1377f461203cb22c607e718683691e54a3de3ed32bf6ed2897fa" score = 75 
@@ -353620,8 +354231,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Exchange_Tool : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L263-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L263-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d21a7e349e796064ce10f2f6ede31c71" logic_hash = "e7b5ac97f3dcf125e64001be53aca73ee19c1be8b192a762f231106c47f76867" score = 75 @@ -353653,8 +354264,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Generic date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt15.yar#L285-L307" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt15.yar#L285-L307" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e939a5ab4a4b2b289d5809e18dd57dd85e3da19a176719adba4707dfd605fc81" score = 75 quality = 85 
@@ -353677,8 +354288,8 @@ rule SIGNATURE_BASE_APT_UNC1151_Windowsinstaller_Silent_Installproduct_Macrometh date = "2021-07-28" modified = "2023-12-05" reference = "Thttps://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unc1151_ua.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unc1151_ua.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aec1bb992061fdf1abf5c1a61cf9ec9e54c1f13be36ceb84890b058ade273b70" score = 75 quality = 85 @@ -353704,8 +354315,8 @@ rule SIGNATURE_BASE_Enigmapacker_Rare : FILE date = "2017-04-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_enigma_protector.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_enigma_protector.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a001b563db1b75581432d42a435683f24e244b6b354f83409b5b9d6d0314d63a" score = 60 quality = 85 
@@ -353729,8 +354340,8 @@ rule SIGNATURE_BASE_Enigma_Protected_Malware_May17_Rhxfiles : FILE date = "2017-05-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_enigma_protector.yar#L25-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_enigma_protector.yar#L25-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "838ab7dddda798d2f5c79fc5417693f8489195b3024c43d9ad1aab05fcfd71eb" score = 75 quality = 85 @@ -353754,8 +354365,8 @@ rule SIGNATURE_BASE_Enigma_Protected_Malware : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://goo.gl/OEVQ9w" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_enigma_protector.yar#L41-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_enigma_protector.yar#L41-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a254d4d593b73d16d1cfbd73d7d4b2732a080cb98d70972de0826433b004152" score = 75 quality = 85 
@@ -353779,8 +354390,8 @@ rule SIGNATURE_BASE_Fidelis_Advisory_Purchase_Order_Pps date = "2015-06-09" modified = "2023-12-05" reference = "http://goo.gl/ZjJyti" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fidelis_phishing_plain_sight.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fidelis_phishing_plain_sight.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "45cfee6413accff36a39ced861a29c611d6efe24e1ca87f17467106f8565642b" score = 75 quality = 85 @@ -353802,8 +354413,8 @@ rule SIGNATURE_BASE_Fidelis_Advisory_Cedt370 date = "2015-06-09" modified = "2023-12-05" reference = "http://goo.gl/ZjJyti" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fidelis_phishing_plain_sight.yar#L16-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fidelis_phishing_plain_sight.yar#L16-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1070d3c63a7091c0982e67134f9dc3cd790bb0b5c2ac08f3a00e3b97ef53d64b" score = 75 quality = 85 
@@ -353827,8 +354438,8 @@ rule SIGNATURE_BASE_EXPL_HKTL_Macos_Switcharoo_CVE_2022_46689_Dec22 : CVE_2022_4 date = "2022-12-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_macos_switcharoo_dec22.yar#L2-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_macos_switcharoo_dec22.yar#L2-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c2cbe12a01a38db522c49143c5168d3519ef974b4e6157cb251aa66707c69d78" score = 80 quality = 85 @@ -353867,8 +354478,8 @@ rule SIGNATURE_BASE_EXPL_Macos_Switcharoo_Indicator_Dec22 : CVE_2022_46689 FILE date = "2022-12-19" modified = "2023-12-05" reference = "https://github.com/zhuowei/MacDirtyCowDemo" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_macos_switcharoo_dec22.yar#L42-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_macos_switcharoo_dec22.yar#L42-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b9ea134fc4b3a7b15ae585ced2e12cbe1defc54bc6175282d6b7a2a0b65abd1" score = 65 quality = 85 
@@ -353889,8 +354500,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_1 date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L10-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L10-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8caa6bddef3c05e572ef342513190832900dcb1a7a56589ed7df48b3c6992ed1" score = 75 quality = 85 @@ -353915,8 +354526,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_2 : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L43-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L43-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ecf992f8fd38b1ab3e05bfe05f260bcaf617f168484477aa81acb9b517b9f3e7" score = 75 quality = 85 
@@ -353940,8 +354551,8 @@ rule SIGNATURE_BASE_Stuxnet_Dll : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L59-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L59-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c192153c268fdd330d3b9e2eb0d8383bd50ce6d036409f0cc0c9273ba8201b3" score = 75 quality = 85 @@ -353964,8 +354575,8 @@ rule SIGNATURE_BASE_Stuxnet_Shortcut_To : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L74-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L74-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a8119500d38bcfc60620265386f31899e586f62e1ceeeff365fd0018ab39c30e" score = 75 quality = 85 
@@ -353988,8 +354599,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_3 : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L89-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L89-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8c546fb74b419d46bab855fa07a55833ab0a23eb4081ce24a5d4ab0e4bf09dc" score = 75 quality = 85 @@ -354019,8 +354630,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_4 : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L112-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L112-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a4ad77490d17cf897c4639f0b9f9473267886e99a94b4f506670207497117764" score = 75 quality = 85 
@@ -354046,8 +354657,8 @@ rule SIGNATURE_BASE_Stuxnet_Maindll_Decrypted_Unpacked date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L130-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L130-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bec740cdb4c1748d0fb546691cf8feb38c0e61adad60c069c5866f5034cb7ed9" score = 75 quality = 85 @@ -354077,8 +354688,8 @@ rule SIGNATURE_BASE_Stuxnet_S7Hkimdb : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_stuxnet.yar#L152-L188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_stuxnet.yar#L152-L188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a44063b6a542eca17f46802e9f644540f1d6b6cb9777c20ef9ea14e44c341a1c" score = 75 quality = 85 
@@ -354104,8 +354715,8 @@ rule SIGNATURE_BASE_MAL_Wshrat_Dotnet_Packer_Feb21 : FILE date = "2021-03-09" modified = "2023-12-05" reference = "https://yoroi.company/research/threatening-within-budget-how-wsh-rat-is-abused-by-cyber-crooks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_wsh_rat.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_wsh_rat.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "18159b140c314a00111fb9453e60d19c11633628a4fe2ad8299b839165b39424" score = 75 quality = 85 @@ -354131,8 +354742,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Byteencoder_Jan25 : FILE date = "2025-01-23" modified = "2025-03-20" reference = "https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/seaspy_backdoor_jan25.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/seaspy_backdoor_jan25.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3e0312ce8d0c1e5c192dbb93cac4770a1205c56dc9d02a0510c7e10a15251de5" hash = "301d58a6a1819466e77209dbf8ca635cbee3b45516e5ee228fea50ae4a27b7d5" hash = "957c0c135b50d1c209840ec7ead60912a5ccefd2873bf5722cb85354cea4eb37" 
@@ -354160,8 +354771,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Stackstring_Technique_Jan25 : FILE date = "2025-01-23" modified = "2025-03-20" reference = "https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/seaspy_backdoor_jan25.yar#L24-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/seaspy_backdoor_jan25.yar#L24-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0e65a80c6331a0e8d7df05ac217a8a7fe03b88f1d304f2ff0a26b92ed89153f3" hash = "3e0312ce8d0c1e5c192dbb93cac4770a1205c56dc9d02a0510c7e10a15251de5" hash = "301d58a6a1819466e77209dbf8ca635cbee3b45516e5ee228fea50ae4a27b7d5" @@ -354189,8 +354800,8 @@ rule SIGNATURE_BASE_Mswin_Check_Lm_Group : FILE date = "2015-06-13" modified = "2021-03-15" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L9-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L9-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "115d87d7e7a3d08802a9e5fd6cd08e2ec633c367" logic_hash = "74be6bd9c6e01cc4ec7785b6950c8cf6acf549c06990a9d1734f4a3487a04ba7" score = 70 
@@ -354215,8 +354826,8 @@ rule SIGNATURE_BASE_WAF_Bypass : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L30-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L30-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "860a9d7aac2ce3a40ac54a4a0bd442c6b945fa4e" logic_hash = "e66d51b465e5d919555084d299a22f07a949a0a9adf4a3f246f6b5222d39b91a" score = 75 @@ -354244,8 +354855,8 @@ rule SIGNATURE_BASE_Guilin_Veterans_Cookie_Spoofing_Tool : FILE date = "2015-06-13" modified = "2023-01-27" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L50-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L50-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "06b1969bc35b2ee8d66f7ce8a2120d3016a00bb1" logic_hash = "5fd136f44ebce28db4f77f2f8730eb67fc4c2d58921b73378b8d87e1444a4b67" score = 75 
@@ -354271,8 +354882,8 @@ rule SIGNATURE_BASE_Marathontool : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L69-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L69-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "084a27cd3404554cc799d0e689f65880e10b59e3" logic_hash = "2d52d640ef44d933791d1da0d1263dba15702180c730500e04d364dd6b4d6081" score = 75 @@ -354297,8 +354908,8 @@ rule SIGNATURE_BASE_PLUGIN_Trackid : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L86-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L86-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a114181b334e850d4b33e9be2794f5bb0eb59a09" logic_hash = "a62112dbf2ef696e4eb7f6787a0e0930c29d9834f46c87493954498fa4b375f6" score = 75 
@@ -354326,8 +354937,8 @@ rule SIGNATURE_BASE_Pc_Pc2015 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L106-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L106-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "de4f098611ac9eece91b079050b2d0b23afe0bcb" logic_hash = "34d66d8b9e637c067ec2d9387b7b57458312d75892e33b95eb1095200799cf3b" score = 75 @@ -354352,8 +354963,8 @@ rule SIGNATURE_BASE_Sekurlsa : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L123-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L123-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6acecd18fc7da1c5eb0d04e848aae9ce59d2b1b5" logic_hash = "dea05c7f19a834cc936c452ca2f6f4286e6c3dae002747c27913960199451c3f" score = 75 
@@ -354379,8 +354990,8 @@ rule SIGNATURE_BASE_Mysqlfast : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L141-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L141-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "32b60350390fe7024af7b4b8fbf50f13306c546f" logic_hash = "3ea75954831e705d0d25efa115288e66868d9b814f0990fd048bbe1209a8d933" score = 75 @@ -354408,8 +355019,8 @@ rule SIGNATURE_BASE_Dtools2_02_Dtools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L161-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L161-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9f99771427120d09ec7afa3b21a1cb9ed720af12" logic_hash = "51e30d39f388546ac233b4b97a38f225c90d2f006bc509dd7eecfb408aef9be5" score = 75 
@@ -354437,8 +355048,8 @@ rule SIGNATURE_BASE_Dll_Packetx : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L181-L196" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L181-L196" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3f0908e0a38512d2a4fb05a824aa0f6cf3ba3b71" logic_hash = "161d174376c599b1b794fa1174349ae12b198842d89769baec4b9664729a3983" score = 50 @@ -354462,8 +355073,8 @@ rule SIGNATURE_BASE_Sqldbx_Zhs : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L198-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L198-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e34228345498a48d7f529dbdffcd919da2dea414" logic_hash = "b0215d29c58c252c1717f08135eab65794a99ed669c2225bcba690ae7d7a034c" score = 75 
@@ -354492,8 +355103,8 @@ rule SIGNATURE_BASE_Ms10048_X86 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L219-L237" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L219-L237" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e57b453966e4827e2effa4e153f2923e7d058702" logic_hash = "50e45cae87f5d1cc4903a16f9283dd751d90cde0c71f3124467b4ff15bd34f1b" score = 75 @@ -354521,8 +355132,8 @@ rule SIGNATURE_BASE_Dos_Ch : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L239-L257" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L239-L257" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "60bbb87b08af840f21536b313a76646e7c1f0ea7" logic_hash = "49ab2c75267c2ed5c15c8fbdc6fa0f8826f6e7a45a2861d6ba4b293ffca6bcd6" score = 75 
@@ -354550,8 +355161,8 @@ rule SIGNATURE_BASE_Dubrute_Dubrute : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L259-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L259-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8aaae91791bf782c92b97c6e1b0f78fb2a9f3e65" logic_hash = "1e6d8bd24a37e3f4b7de88989251ae904128ff1bf766d4a4408ff8990c6dfd2f" score = 75 @@ -354577,8 +355188,8 @@ rule SIGNATURE_BASE_Cookietools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L277-L294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L277-L294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b6a3727fe3d214f4fb03aa43fb2bc6fadc42c8be" logic_hash = "7f8c59ef58a92db15d8965e54ed6e26834e268581581af2a0ff98a6f46564e7e" score = 75 
@@ -354605,8 +355216,8 @@ rule SIGNATURE_BASE_Update_Pcinit : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L296-L314" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L296-L314" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a6facc4453f8cd81b8c18b3b3004fa4d8e2f5344" logic_hash = "ee4b17dfb0d70464669edab1b7610efa607adb2918306ae6c50130024008a169" score = 75 @@ -354634,8 +355245,8 @@ rule SIGNATURE_BASE_Dat_Nasllib : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L316-L331" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L316-L331" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fb0d4263118faaeed2d68e12fab24c59953e862d" logic_hash = "7d2f3c67fe78028a51ba01c88d7eb62c38fe3c918bb03eee41b6583bc464ad78" score = 75 
@@ -354660,8 +355271,8 @@ rule SIGNATURE_BASE_Dos_1 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L333-L347" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L333-L347" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b554f0687a12ec3a137f321cc15e052ff219f28c" logic_hash = "d4cf3e738743e5402602e045cf590b969dca2d6f7f1bdd57cc398df3392560d9" score = 75 @@ -354685,8 +355296,8 @@ rule SIGNATURE_BASE_Othertools_Servu : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L349-L365" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L349-L365" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5c64e6879a9746a0d65226706e0edc7a" logic_hash = "fda476bdcc0bb496331ca9f506a1221d401d8671d23f61f1b88219c688163169" score = 75 
@@ -354712,8 +355323,8 @@ rule SIGNATURE_BASE_Ustrrefadd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L367-L384" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L367-L384" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b371b122460951e74094f3db3016264c9c8a0cfa" logic_hash = "e44f180e081494e28b35b4129eb2c1817ed3e83f23d86f0d3dd4dcf27941cdf1" score = 75 @@ -354740,8 +355351,8 @@ rule SIGNATURE_BASE_Xscanlib : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L386-L402" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L386-L402" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c5cb4f75cf241f5a9aea324783193433a42a13b0" logic_hash = "ff18c527df9ff2a4d72bcc5e4905d6f42877d42536edcb13608c6e0e6773aa63" score = 75 
@@ -354767,8 +355378,8 @@ rule SIGNATURE_BASE_Idtools_For_Winxp_Idttool : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L404-L419" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L404-L419" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ebab6e4cb7ea82c8dc1fe4154e040e241f4672c6" logic_hash = "9e14db3721afaba3ea5e9767afff593bf2b137306fe673acd7926bf6efc78391" score = 75 @@ -354793,8 +355404,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11046 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L421-L438" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L421-L438" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f8414a374011fd239a6c6d9c6ca5851cd8936409" logic_hash = "2fb36a589613f97d0c3a4da58c65352689062a8ba6d432b5f3cf3b51a7e77f8c" score = 75 
@@ -354821,8 +355432,8 @@ rule SIGNATURE_BASE_Cmdshell32 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L440-L455" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L440-L455" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3c41116d20e06dcb179e7346901c1c11cd81c596" logic_hash = "cfe3d72d33d7a3c2b70d4fa0767a921c1cfcd360b2094af40b067789cace95af" score = 75 @@ -354847,8 +355458,8 @@ rule SIGNATURE_BASE_Sniffer_Analyzer_Ssclone_1210_Full_Version : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L457-L473" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L457-L473" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6882125babb60bd0a7b2f1943a40b965b7a03d4e" logic_hash = "982a213a106794e2cddb6148b3d3a119ae17fc318ad03237da1018e1859523d7" score = 75 
@@ -354874,8 +355485,8 @@ rule SIGNATURE_BASE_X64_Klock : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L475-L491" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L475-L491" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "44825e848bc3abdb6f31d0a49725bb6f498e9ccc" logic_hash = "3fe00c08607d20daa055db2f551009ff1c447f1a651d4a78aba91621d53424f5" score = 75 @@ -354901,8 +355512,8 @@ rule SIGNATURE_BASE_Dos_Down32 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L493-L508" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L493-L508" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0365738acd728021b0ea2967c867f1014fd7dd75" logic_hash = "c1aaaaaaae2ea720d3fc1516d88d678895bcda81344e8c1f4f57e5a20e770123" score = 75 
@@ -354927,8 +355538,8 @@ rule SIGNATURE_BASE_Marathontool_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L510-L525" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L510-L525" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "75b5d25cdaa6a035981e5a33198fef0117c27c9c" logic_hash = "7581b63a7bddeac93c65b2943b9f5f568464d8f300bc7385ca73880996bd390b" score = 75 @@ -354953,8 +355564,8 @@ rule SIGNATURE_BASE_Scanms_Scanms : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L527-L544" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L527-L544" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "47787dee6ddea2cb44ff27b6a5fd729273cea51a" logic_hash = "d6b33e603953194dab67104cbb9649710515050cf73afb18b2c9083a9e228e6d" score = 75 
@@ -354981,8 +355592,8 @@ rule SIGNATURE_BASE_CN_Tools_Pcshare : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L546-L565" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L546-L565" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ee7ba9784fae413d644cdf5a093bd93b73537652" logic_hash = "57bd1629abe0af1345f505514b99deb4e63ebce7363f3b0abcb76e7201d9b7b7" score = 75 @@ -355011,8 +355622,8 @@ rule SIGNATURE_BASE_Pw_Inspector : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L567-L582" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L567-L582" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4f8e3e101098fc3da65ed06117b3cb73c0a66215" logic_hash = "3b54466d80692923b93689a9e43e30dfbc63e5982cb633120795817098d68e05" score = 75 
@@ -355037,8 +355648,8 @@ rule SIGNATURE_BASE_Dll_Loadex : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L584-L603" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L584-L603" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "213d9d0afb22fe723ff570cf69ff8cdb33ada150" logic_hash = "588f4f4d0a2f8f8e76de0a5b1217191c1cace69f934582d4fc3c974fb94b8c3e" score = 75 @@ -355067,8 +355678,8 @@ rule SIGNATURE_BASE_Dat_Report : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L605-L619" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L605-L619" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4582a7c1d499bb96dad8e9b227e9d5de9becdfc2" logic_hash = "e3b21f37fae388958758af535727844d6e9696862fd9968340e1a619592c53b6" score = 75 
@@ -355092,8 +355703,8 @@ rule SIGNATURE_BASE_Dos_Iis7 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L621-L638" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L621-L638" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0a173c5ece2fd4ac8ecf9510e48e95f43ab68978" logic_hash = "e0cbcb63cd2a542e6394792070392d393b2a3485f5a5ef3c6ba0f113ae9270ec" score = 75 @@ -355120,8 +355731,8 @@ rule SIGNATURE_BASE_Switchsniffer : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L640-L654" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L640-L654" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1e7507162154f67dff4417f1f5d18b4ade5cf0cd" logic_hash = "4c75473399a7d47b63c6247248fd2792c675740ac671028b1c0a8ba1a02f35aa" score = 75 
@@ -355145,8 +355756,8 @@ rule SIGNATURE_BASE_Dbexpora : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L656-L671" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L656-L671" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b55b007ef091b2f33f7042814614564625a8c79f" logic_hash = "2dad6cedae6a3a446c2c4829516bffa5608ea4d1c13c907796cf4d13ec37965e" score = 75 @@ -355171,8 +355782,8 @@ rule SIGNATURE_BASE_Sqlcracker : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L673-L690" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L673-L690" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1aa5755da1a9b050c4c49fc5c58fa133b8380410" logic_hash = "3724f4b746da413f99880564ae72bc0de867120f1f7eacaf856d42492ebe359e" score = 75 
@@ -355199,8 +355810,8 @@ rule SIGNATURE_BASE_Freeversion_Debug : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L692-L711" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L692-L711" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d11e6c6f675b3be86e37e50184dadf0081506a89" logic_hash = "f7f8302c70c5aed1885724a1bca4efdf0547cc5be62e7dd6bcd8cc2079f71f96" score = 75 @@ -355229,8 +355840,8 @@ rule SIGNATURE_BASE_Dos_Look : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L713-L728" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L713-L728" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e1a37f31170e812185cf00a838835ee59b8f64ba" logic_hash = "341c72eaa5db1953e008423374c3f322de0f8dc33fd8181362172982b52e2b8a" score = 75 
@@ -355255,8 +355866,8 @@ rule SIGNATURE_BASE_Ntgodmode : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L730-L747" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L730-L747" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8baac735e37523d28fdb6e736d03c67274f7db77" logic_hash = "55efa908ebfcede207d3fe0b1072cce262af0e627e91ba8746e7a8924b8e75bd" score = 75 @@ -355283,8 +355894,8 @@ rule SIGNATURE_BASE_Webcrack4_Routerpasswordcracking : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L749-L766" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L749-L766" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "00c68d1b1aa655dfd5bb693c13cdda9dbd34c638" logic_hash = "48456f82163806852ecef3d71c2c8247f6c74c31ce28472c80a914a98247bdb3" score = 75 
@@ -355311,8 +355922,8 @@ rule SIGNATURE_BASE_Hscan_Gui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L768-L783" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L768-L783" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1885f0b7be87f51c304b39bc04b9423539825c69" logic_hash = "c87cfe78324638ac9d35c7fd1e47f24014c470b0892ceceaf394278d9706157b" score = 75 @@ -355337,8 +355948,8 @@ rule SIGNATURE_BASE_S_Multifunction_Scanners_S : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L785-L809" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L785-L809" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "79b60ffa1c0f73b3c47e72118e0f600fcd86b355" logic_hash = "96f0692c54d74388f8602a03475d95a2fcd89692dd189f9363592745a70c234b" score = 75 
@@ -355373,8 +355984,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dos_Getpass : FILE modified = "2023-01-06" old_rule_name = "Dos_GetPass" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L811-L830" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L811-L830" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d18d952b24110b83abd17e042f9deee679de6a1a" logic_hash = "ea1410984fb1f66422faa943f1f16873f4e0d5ff1afa68c2d28f36889e214a52" score = 75 @@ -355402,8 +356013,8 @@ rule SIGNATURE_BASE_HKTL_CN_Update_Pcmain : FILE modified = "2023-01-06" old_rule_name = "update_PcMain" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L832-L858" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L832-L858" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "aa68323aaec0269b0f7e697e69cce4d00a949caa" logic_hash = "aa905379f65a8d964b921f2b74b61d94f97536466a7fc48f05c437d617cf35f6" score = 90 
@@ -355437,8 +356048,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dos_Sys : FILE modified = "2023-01-06" old_rule_name = "Dos_sys" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L860-L878" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L860-L878" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b5837047443f8bc62284a0045982aaae8bab6f18" logic_hash = "3b3f55c45ebfe4ab6d8e6b06a3c452c84d4f755f984d913c683a49a8fd570d9d" score = 75 @@ -355465,8 +356076,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dat_Xpf : FILE modified = "2023-01-06" old_rule_name = "dat_xpf" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L880-L897" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L880-L897" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "761125ab594f8dc996da4ce8ce50deba49c81846" logic_hash = "c46b10ef17a9fee2be15fc9cc8b8aeec94d656b86e7208e1ad1f5efcd95fddf5" score = 75 
@@ -355492,8 +356103,8 @@ rule SIGNATURE_BASE_HKTL_CN_Project1 : FILE modified = "2023-01-06" old_rule_name = "Project1" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L899-L916" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L899-L916" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d1a5e3b646a16a7fcccf03759bd0f96480111c96" logic_hash = "c26590f13a185eb42a27d27e6b5996f7fdf4d5c146fb74062686f356ec4db47d" score = 75 @@ -355518,8 +356129,8 @@ rule SIGNATURE_BASE_Arp_EMP_V1_0 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L918-L931" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L918-L931" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ae4954c142ad1552a2abaef5636c7ef68fdd99ee" logic_hash = "e46b0f730945dad3c75b6865f30005f4d5fa09c53e3a27c275ca22da9cc89e8d" score = 75 
@@ -355542,8 +356153,8 @@ rule SIGNATURE_BASE_CN_Tools_Myupnp : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L933-L948" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L933-L948" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "15b6fca7e42cd2800ba82c739552e7ffee967000" logic_hash = "0bdd0d98dc5218bbe799e5e510c5f27d74a1ef398b09962f4267f846088f726e" score = 75 @@ -355568,8 +356179,8 @@ rule SIGNATURE_BASE_CN_Tools_Shiell : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L950-L966" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L950-L966" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b432d80c37abe354d344b949c8730929d8f9817a" logic_hash = "44c494c24c090b21c3c201d57f910e8f4d5132a863715a090fa1e18c9d349d48" score = 75 
@@ -355595,8 +356206,8 @@ rule SIGNATURE_BASE_Cndcom_Cndcom : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L968-L988" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L968-L988" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "08bbe6312342b28b43201125bd8c518531de8082" logic_hash = "226be7ea7b09b2b87eeec006c8054b9fb59eb8324def14a4a0db97f94fb39d62" score = 75 @@ -355626,8 +356237,8 @@ rule SIGNATURE_BASE_Isdebug_V1_4 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L990-L1010" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L990-L1010" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ca32474c358b4402421ece1cb31714fbb088b69a" logic_hash = "d656327c33533b5ef7dc70ec00250ee35d878794fae189829a0ecad958f96616" score = 75 
@@ -355657,8 +356268,8 @@ rule SIGNATURE_BASE_HTTPSCANNER : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1012-L1026" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1012-L1026" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ae2929346944c1ea3411a4562e9d5e2f765d088a" logic_hash = "0f1460101198d8b139b7cc0674bef2fc7b3d2a24249f521396b7bbe4318a83d5" score = 75 @@ -355682,8 +356293,8 @@ rule SIGNATURE_BASE_Hscan_V1_20_Pipecmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1028-L1049" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1028-L1049" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "64403ce63b28b544646a30da3be2f395788542d6" logic_hash = "91ed275896c2520893ba1af26b2563c0bd3564a9c5f9d812f35464469e27307b" score = 75 
@@ -355714,8 +356325,8 @@ rule SIGNATURE_BASE_Dos_Fp : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1051-L1067" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1051-L1067" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "41d57d356098ff55fe0e1f0bcaa9317df5a2a45c" logic_hash = "cc09743269ee36862c95c9323ad271ca9b6c350cf25163d126fef0f86bc6f671" score = 75 @@ -355741,8 +356352,8 @@ rule SIGNATURE_BASE_Dos_Netstat : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1069-L1085" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1069-L1085" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d0444b7bd936b5fc490b865a604e97c22d97e598" logic_hash = "e2b908308616c3f2c94849b4f22f0e9bb130b5759d89161604505ff25681be55" score = 75 
@@ -355768,8 +356379,8 @@ rule SIGNATURE_BASE_CN_Tools_Xsniff : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1087-L1104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1087-L1104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "d61d7329ac74f66245a92c4505a327c85875c577" logic_hash = "a32d07ecd635ad71edaa37d9b1e5f66d8ce5a7f84f1bba6eb06deb1f49a879c8" score = 75 @@ -355796,8 +356407,8 @@ rule SIGNATURE_BASE_Mssqlpass : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1106-L1121" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1106-L1121" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "172b4e31ed15d1275ac07f3acbf499daf9a055d7" logic_hash = "8037316eb157f8693bd342911af5fe5292f3ef8a3c169c80bc70edbabd7a92e6" score = 75 
@@ -355822,8 +356433,8 @@ rule SIGNATURE_BASE_Wsockexpert : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1123-L1141" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1123-L1141" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2962bf7b0883ceda5e14b8dad86742f95b50f7bf" logic_hash = "34ac3c5f0651ccab851d67da8863e0e305f981cf53a06d46c23f19736cc1c400" score = 75 @@ -355851,8 +356462,8 @@ rule SIGNATURE_BASE_Ms_Viru_Racle : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1143-L1159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1143-L1159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "13116078fff5c87b56179c5438f008caf6c98ecb" logic_hash = "d36db04c6a62a72e9f3079d09aedc9056c0a5032b4594af4d02ba55373f8b6a4" score = 75 
@@ -355878,8 +356489,8 @@ rule SIGNATURE_BASE_Lamescan3 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1161-L1177" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1161-L1177" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3130eefb79650dab2e323328b905e4d5d3a1d2f0" logic_hash = "8246128fa4378b0479a0c051965188c7c3fa0f52c8acc8934ef8af3155a85590" score = 75 @@ -355905,8 +356516,8 @@ rule SIGNATURE_BASE_CN_Tools_Pc : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1179-L1195" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1179-L1195" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5cf8caba170ec461c44394f4058669d225a94285" logic_hash = "1da263362e4c2ec8194bb80bfc3f25ff8c4b708919ba02ea02687d5404b99720" score = 75 
@@ -355932,8 +356543,8 @@ rule SIGNATURE_BASE_Dos_Down64 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1197-L1215" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1197-L1215" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "43e455e43b49b953e17a5b885ffdcdf8b6b23226" logic_hash = "d181c2075762fc3bb5b61bcdef57eb6533cb59dde03c4b901b6ce5b8323f3c8a" score = 75 @@ -355961,8 +356572,8 @@ rule SIGNATURE_BASE_Epathobj_Exp32 : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1217-L1235" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1217-L1235" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ed86ff44bddcfdd630ade8ced39b4559316195ba" logic_hash = "8959837257848a08240d0423971b9d3a850a7e9cc796de2c9b2d34814923f8ec" score = 75 
@@ -355989,8 +356600,8 @@ rule SIGNATURE_BASE_Tools_Unknown : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1237-L1254" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1237-L1254" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4be8270c4faa1827177e2310a00af2d5bcd2a59f" logic_hash = "493bb63d4dd519efbf53a29fa44ef74f0a85943b2d9f49f11e3daa57c6b03d8e" score = 75 @@ -356017,8 +356628,8 @@ rule SIGNATURE_BASE_PLUGIN_Ajunk : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1256-L1271" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1256-L1271" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "eb430fcfe6d13b14ff6baa4b3f59817c0facec00" logic_hash = "e37504aab506138493ddc0979697502819824ef00c7931599130fafb5d84a7a9" score = 75 
@@ -356043,8 +356654,8 @@ rule SIGNATURE_BASE_Iisputscanner : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1273-L1316" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1273-L1316" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9869c70d6a9ec2312c749aa17d4da362fa6e2592" logic_hash = "b2af9003cef528610280866bf00a9716b4421a5f7c65e7c8ec3202af9a592de1" score = 75 @@ -356097,8 +356708,8 @@ rule SIGNATURE_BASE_Idtools_For_Winxp_Idttool_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1318-L1335" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1318-L1335" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "07feb31dd21d6f97614118b8a0adf231f8541a67" logic_hash = "831f42abd7374b2ca2b4115a73aae2123e2212b0854d4cc0950b8e66a28e38a3" score = 75 
@@ -356125,8 +356736,8 @@ rule SIGNATURE_BASE_Hkmjjiis6 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1337-L1358" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1337-L1358" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "4cbc6344c6712fa819683a4bd7b53f78ea4047d7" logic_hash = "4ea95b7a5bd24e0dfdcef045d101b7f15e18b20f1328901bb340d9aaad336981" score = 75 @@ -356157,8 +356768,8 @@ rule SIGNATURE_BASE_Dos_Lcx : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1360-L1384" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1360-L1384" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "b6ad5dd13592160d9f052bb47b0d6a87b80a406d" logic_hash = "bbe215fb27825b4f4bbfa71808ac945f341efbc70a21f79689065982a843d7f1" score = 75 
@@ -356192,8 +356803,8 @@ rule SIGNATURE_BASE_X_Way2_5_X_Way : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1386-L1407" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1386-L1407" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8ba8530fbda3e8342e8d4feabbf98c66a322dac6" logic_hash = "6261de5db1e7527f7726effe26ed5f88638e6cb378db4c99183dddcd42ae231f" score = 75 @@ -356224,8 +356835,8 @@ rule SIGNATURE_BASE_Tools_Sqlcmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1409-L1428" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1409-L1428" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "99d56476e539750c599f76391d717c51c4955a33" logic_hash = "aa600f7c56d72d767e9ca51d8b1ee2b2c62302ea1afbed39e4670debd30c5247" score = 75 
@@ -356254,8 +356865,8 @@ rule SIGNATURE_BASE_Sword1_5 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1430-L1449" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1430-L1449" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "96ee5c98e982aa8ed92cb4cedb85c7fda873740f" logic_hash = "09e09f7ea16dc917388cbccb22a7abfed9b693a33d61698f0e838f029402c256" score = 75 @@ -356284,8 +356895,8 @@ rule SIGNATURE_BASE_Tools_Scan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1451-L1466" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1451-L1466" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c580a0cc41997e840d2c0f83962e7f8b636a5a13" logic_hash = "d8bf2e4a4634f74ce548a5824090502f2ccef382bdbcaf795df711e88a325912" score = 75 
@@ -356310,8 +356921,8 @@ rule SIGNATURE_BASE_Dos_C : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1468-L1487" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1468-L1487" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3deb6bd52fdac6d5a3e9a91c585d67820ab4df78" logic_hash = "2865b50e6a323462fab39bd84571939c618cf6f00e147039f6e699ba4d195a00" score = 75 @@ -356340,8 +356951,8 @@ rule SIGNATURE_BASE_Arpsniffer : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1489-L1506" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1489-L1506" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7d8753f56fc48413fc68102cff34b6583cb0066c" logic_hash = "eb0a425be0fff87eb58689a4eee4b6729e8ee985e6224790111322d4b182caf1" score = 75 
@@ -356368,8 +356979,8 @@ rule SIGNATURE_BASE_Pw_Inspector_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1508-L1524" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1508-L1524" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e0a1117ee4a29bb4cf43e3a80fb9eaa63bb377bf" logic_hash = "7d2021ff471f03deb9e6d8b62fcb218ae3198f21fd7b8fa1fdd9b96228b8c2f8" score = 75 @@ -356395,8 +357006,8 @@ rule SIGNATURE_BASE_Datpcshare : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1526-L1542" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1526-L1542" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "87acb649ab0d33c62e27ea83241caa43144fc1c4" logic_hash = "15297a8019192371032fc11b966d1a89d951c176da6d64e80ca5a201f55341c0" score = 75 
@@ -356422,8 +357033,8 @@ rule SIGNATURE_BASE_Tools_Xport : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1544-L1565" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1544-L1565" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "9584de562e7f8185f721e94ee3cceac60db26dda" logic_hash = "9eea73732643f74b4802af0672f5c3ab09cc54cfecd80f8903efc26b7ceaec29" score = 75 @@ -356454,8 +357065,8 @@ rule SIGNATURE_BASE_Pc_Xai : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1567-L1586" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1567-L1586" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f285a59fd931ce137c08bd1f0dae858cc2486491" logic_hash = "80659fcf1721b20f459ac0480401bdf643c95b46118d03320bc6d4e4ee4b67f7" score = 75 
@@ -356484,8 +357095,8 @@ rule SIGNATURE_BASE_Radmin_Hash : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1588-L1605" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1588-L1605" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "be407bd5bf5bcd51d38d1308e17a1731cd52f66b" logic_hash = "d6ee13a2ed30bb44471593386521f67be0d6ccd6f8a0ebf8557012a099f81d3d" score = 75 @@ -356512,8 +357123,8 @@ rule SIGNATURE_BASE_Oseditor : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1607-L1624" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1607-L1624" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6773c3c6575cf9cfedbb772f3476bb999d09403d" logic_hash = "6531c0b3c0f6123d9eda34ed028f05054e4805e5c329da4b29e4f37f9b5fc1b2" score = 75 
@@ -356540,8 +357151,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11011 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1626-L1642" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1626-L1642" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5ad7a4962acbb6b0e3b73d77385eb91feb88b386" logic_hash = "99dd27eba7da44c71098446e17abfe626de91e899e28c2d2e99e7b54b9e0c825" score = 75 @@ -356567,8 +357178,8 @@ rule SIGNATURE_BASE_Freeversion_Release : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1644-L1662" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1644-L1662" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f42e4b5748e92f7a450eb49fc89d6859f4afcebb" logic_hash = "38722afb3b955aced2e68e2048a3268722524f61784dcb45c6a695b5684230eb" score = 75 
@@ -356596,8 +357207,8 @@ rule SIGNATURE_BASE_Churrasco : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1664-L1681" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1664-L1681" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a8d4c177948a8e60d63de9d0ed948c50d0151364" logic_hash = "36ca7c8d1579eeb571c182c033c312b3b231313b8950c1e24eeb3df793b004c4" score = 75 @@ -356624,8 +357235,8 @@ rule SIGNATURE_BASE_X64_Kiwicmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1682-L1697" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1682-L1697" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "569ca4ff1a5ea537aefac4a04a2c588c566c6d86" logic_hash = "b49a70a49a67fbb57d643b38155482177f594bd1f01f5464c4f36b265aac48d8" score = 75 
@@ -356650,8 +357261,8 @@ rule SIGNATURE_BASE_Sql1433_SQL : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1699-L1715" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1699-L1715" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "025e87deadd1c50b1021c26cb67b76b476fafd64" logic_hash = "5ceecc4f345cb603a0b03180f3f09f97e5f951b5d75c469aefffe3ec62916a8f" score = 75 @@ -356675,8 +357286,8 @@ rule SIGNATURE_BASE_Cookietools2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1717-L1733" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1717-L1733" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cb67797f229fdb92360319e01277e1345305eb82" logic_hash = "8ddb8ea0bc047877d91f25375745ab8fa66af28b6b41de36e0fb16ea8284fce5" score = 75 
@@ -356702,8 +357313,8 @@ rule SIGNATURE_BASE_Cyclotron : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1735-L1752" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1735-L1752" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b63473b6dc1e5942bf07c52c31ba28f2702b246" logic_hash = "f3a0edf54039479c9f4e46b20249465bbe1bca57f47afeba37965e6e3fc0127f" score = 75 @@ -356730,8 +357341,8 @@ rule SIGNATURE_BASE_Xscan_Gui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1754-L1770" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1754-L1770" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a9e900510396192eb2ba4fb7b0ef786513f9b5ab" logic_hash = "366db7eb19725a0a42ce371d7bfb50a22a259f0bc0252927af626e8c1c0b9b59" score = 75 
@@ -356757,8 +357368,8 @@ rule SIGNATURE_BASE_CN_Tools_Hscan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1772-L1792" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1772-L1792" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "17a743e40790985ececf5c66eaad2a1f8c4cffe8" logic_hash = "9bc4800249bffcc4b8fc1191d600f0b9b2a7b0c1f067039c83c03671a0b4b5c5" score = 75 @@ -356788,8 +357399,8 @@ rule SIGNATURE_BASE_Goodtoolset_Pr : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1794-L1812" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1794-L1812" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f6676daf3292cff59ef15ed109c2d408369e8ac8" logic_hash = "0673bc445422f4339c9e81ff8ae8a9b2bb9bc1f107b85fe34906444a1754c43b" score = 75 
@@ -356817,8 +357428,8 @@ rule SIGNATURE_BASE_Hydra_7_4_1_Hydra : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1814-L1832" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1814-L1832" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "3411d0380a1c1ebf58a454765f94d4f1dd714b5b" logic_hash = "f52696cbf7355c982d1a1e0c73dce65324845c5ffc13c541e326720332b4788d" score = 75 @@ -356846,8 +357457,8 @@ rule SIGNATURE_BASE_CN_Tools_Srss_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1834-L1856" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1834-L1856" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "c418b30d004051bbf1b2d3be426936b95b5fea6f" logic_hash = "e674ac7a99a67e2ebe8b4c4232e3435dd041b794f6c08a87ef7b8179127d6fc7" score = 75 
@@ -356878,8 +357489,8 @@ rule SIGNATURE_BASE_Dos_Ntgod : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1858-L1874" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1858-L1874" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "adefd901d6bbd8437116f0170b9c28a76d4a87bf" logic_hash = "77b9204add5d25dcc36eabc07cabea2bdc67a23873c2faf7706e7fba5ed53f8b" score = 75 @@ -356905,8 +357516,8 @@ rule SIGNATURE_BASE_CN_Tools_Vnclink : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1876-L1891" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1876-L1891" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "cafb531822cbc0cfebbea864489eebba48081aa1" logic_hash = "21328e2a871dfcfda47991a1f1e897efd27471420d644c09a94004cf5b0f9869" score = 75 
@@ -356931,8 +357542,8 @@ rule SIGNATURE_BASE_Tools_Ntcmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1893-L1911" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1893-L1911" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a3ae8659b9a673aa346a60844208b371f7c05e3c" logic_hash = "c2487306a0d82ab76a048c001361c25bcd61d0f7a57a3b22df1c70299f0a72ba" score = 75 @@ -356960,8 +357571,8 @@ rule SIGNATURE_BASE_Mysql_Pwd_Crack : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1913-L1930" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1913-L1930" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "57d1cb4d404688804a8c3755b464a6e6248d1c73" logic_hash = "d272b98a6cf2749482ee501734d0043564ba528770161cb0ed4f032409305f22" score = 75 
@@ -356988,8 +357599,8 @@ rule SIGNATURE_BASE_Cmdshell64 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1932-L1951" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1932-L1951" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5b92510475d95ae5e7cd6ec4c89852e8af34acf1" logic_hash = "fd8010ab2ab51feed62475f840ffaeef92cf1266c139b8f669b7fa5ff646fdab" score = 75 @@ -357018,8 +357629,8 @@ rule SIGNATURE_BASE_Ms_Viru_V : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1953-L1971" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1953-L1971" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "ecf4ba6d1344f2f3114d52859addee8b0770ed0d" logic_hash = "028b589c11eeacb2edfeeaeaebf2da370e540cba964c9ebbb19e4c734afe190f" score = 75 
@@ -357047,8 +357658,8 @@ rule SIGNATURE_BASE_CN_Tools_Vscan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1973-L1990" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1973-L1990" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0365fe05e2de0f327dfaa8cd0d988dbb7b379612" logic_hash = "2bbf0a3fb2b3fc9b646c6f8fc021f65a38e1b64edd74301481051541f8938902" score = 75 @@ -357075,8 +357686,8 @@ rule SIGNATURE_BASE_Dos_Iis : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L1992-L2011" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L1992-L2011" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "61ffd2cbec5462766c6f1c44bd44eeaed4f3d2c7" logic_hash = "d6852af79eac659f4dfa3019793290e0498739f02a06c5540cd7d2c65b46b960" score = 75 
@@ -357105,8 +357716,8 @@ rule SIGNATURE_BASE_Iisputscannesr : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2013-L2027" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2013-L2027" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2dd8fee20df47fd4eed5a354817ce837752f6ae9" logic_hash = "27c190050aabcdff3713b388adb0113ad2334c107a2a7b3d682c209b102cf642" score = 75 @@ -357130,8 +357741,8 @@ rule SIGNATURE_BASE_HKTL_Unknown_CN_Generate : FILE date = "2015-06-13" modified = "2022-01-20" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2029-L2047" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2029-L2047" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2cb4c3916271868c30c7b4598da697f59e9c7a12" logic_hash = "a83000880bd71f4ee6507cb448b611cb670a47a4dc47c400930d3a41ca594a5d" score = 75 
@@ -357158,8 +357769,8 @@ rule SIGNATURE_BASE_Pc_Rejoice : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2049-L2067" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2049-L2067" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "fe634a9f5d48d5c64c8f8bfd59ac7d8965d8f372" logic_hash = "9e22a98b5065a95a7f169fda8d6d4112101bffa11a1407e03ec152db41857206" score = 75 @@ -357187,8 +357798,8 @@ rule SIGNATURE_BASE_Ms11080_Withcmd : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2069-L2087" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2069-L2087" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "745e5058acff27b09cfd6169caf6e45097881a49" logic_hash = "cd7167269538a5dd197260682ad777f87e43cc2155acf3ce731d1a065395cf4a" score = 75 
@@ -357215,8 +357826,8 @@ rule SIGNATURE_BASE_Othertools_Xiaoa : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2089-L2107" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2089-L2107" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6988acb738e78d582e3614f83993628cf92ae26d" logic_hash = "451ed602bd1e9dd7e4020108ea133b60c546965bd77be349d07be42150f80fee" score = 75 @@ -357244,8 +357855,8 @@ rule SIGNATURE_BASE_Unknown2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2109-L2128" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2109-L2128" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "32508d75c3d95e045ddc82cb829281a288bd5aa3" logic_hash = "dea499eaa87cc454a31672fb842539779926d50785ef827162fde84bfcdcc54a" score = 75 
@@ -357274,8 +357885,8 @@ rule SIGNATURE_BASE_Hydra_7_3_Hydra : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2130-L2147" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2130-L2147" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2f82b8bf1159e43427880d70bcd116dc9e8026ad" logic_hash = "23194c2df0b8bdedc4fc66c423b0aebb10217de328a194b26560d4cc9a5531e3" score = 75 @@ -357302,8 +357913,8 @@ rule SIGNATURE_BASE_Oraclescan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2149-L2165" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2149-L2165" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "10ff7faf72fe6da8f05526367b3522a2408999ec" logic_hash = "b9454f47123c32d6c6b51722aeadac9acc2a6232c259703c36ea00c83d8977e6" score = 75 
@@ -357329,8 +357940,8 @@ rule SIGNATURE_BASE_Sqltools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2167-L2186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2167-L2186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "38a9caa2079afa2c8d7327e7762f7ed9a69056f7" logic_hash = "35b84c3445e92d61ca5e638a2eb19128dca2174327c6325436287d8d3f0bb976" score = 75 @@ -357360,8 +357971,8 @@ rule SIGNATURE_BASE_HKTL_Portscanner_533_NET_Jun15 : FILE modified = "2023-12-05" old_rule_name = "portscanner" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2188-L2205" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2188-L2205" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1de367d503fdaaeee30e8ad7c100dd1e320858a4" logic_hash = "446cbc1b8046bfd182e0b1c98fe37c8b8ef98f600f5d80d9de83b45aeaf2b386" score = 75 
@@ -357387,8 +357998,8 @@ rule SIGNATURE_BASE_Kappfree : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2207-L2222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2207-L2222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e57e79f190f8a24ca911e6c7e008743480c08553" logic_hash = "b1b644f9b033ac8372369e81628ee3f6fe094f80d11b8f4f6c192a5e81d2e543" score = 75 @@ -357413,8 +358024,8 @@ rule SIGNATURE_BASE_Smartniff : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2224-L2239" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2224-L2239" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "67609f21d54a57955d8fe6d48bc471f328748d0a" logic_hash = "bac770ae3c8e7f619da0b0ff4243716ff8212dce0f36c08c127af892548fe0b6" score = 75 
@@ -357439,8 +358050,8 @@ rule SIGNATURE_BASE_Chinachopper_Caidao : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2241-L2259" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2241-L2259" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "056a60ec1f6a8959bfc43254d97527b003ae5edb" logic_hash = "7e16a452c98e36a4946bcede5552bef7f6fc82314b28b506307cf010a0890ea6" score = 75 @@ -357468,8 +358079,8 @@ rule SIGNATURE_BASE_Kiwitaskmgr_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2261-L2276" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2261-L2276" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "8bd6c9f2e8be3e74bd83c6a2d929f8a69422fb16" logic_hash = "6d197e9b7bb9bbd759d6c8c882f7d7412512ba10208cb52a08fcde5e32fd1733" score = 75 
@@ -357494,8 +358105,8 @@ rule SIGNATURE_BASE_Kappfree_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2278-L2294" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2278-L2294" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5d578df9a71670aa832d1cd63379e6162564fb6b" logic_hash = "1862f1283e8a268f523b3922b3630ebbca9a81cc5aed19e5068315e6346d25c2" score = 75 @@ -357521,8 +358132,8 @@ rule SIGNATURE_BASE_X_Way2_5_Sqlcmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2296-L2324" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2296-L2324" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5152a57e3638418b0d97a42db1c0fc2f893a2794" logic_hash = "59fd25a786d56885e456fca154800a8313cd04a23fd9374361cc37b86be109a1" score = 75 
@@ -357560,8 +358171,8 @@ rule SIGNATURE_BASE_Win32_Klock : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2326-L2341" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2326-L2341" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7addce4434670927c4efaa560524680ba2871d17" logic_hash = "e9f1d38de15ce06d55cf276e0f2becd9f9dbf5bd22f9061de03761d7ccdd3e60" score = 75 @@ -357586,8 +358197,8 @@ rule SIGNATURE_BASE_Ipsearcher : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2343-L2360" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2343-L2360" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1e96e9c5c56fcbea94d26ce0b3f1548b224a4791" logic_hash = "e63349ede826bc7b0e9c94d122e5b294c11a598fcf7096b80be726146e796a80" score = 75 
@@ -357613,8 +358224,8 @@ rule SIGNATURE_BASE_Ms10048_X64 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2362-L2378" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2362-L2378" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "418bec3493c85e3490e400ecaff5a7760c17a0d0" logic_hash = "f6e353a9e4f751632ca5fda1663f0ba66b16b60df90570ccdaf836eaaa6a78ca" score = 75 @@ -357640,8 +358251,8 @@ rule SIGNATURE_BASE_Hscangui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2380-L2396" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2380-L2396" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "af8aced0a78e1181f4c307c78402481a589f8d07" logic_hash = "9c0eb87dcf8aa107b5289d196650aebcf49c24f57a317de0afdadd61fb5bb5b7" score = 75 
@@ -357667,8 +358278,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11080 : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2398-L2417" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2398-L2417" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f0854c49eddf807f3a7381d3b20f9af4a3024e9f" logic_hash = "a5b03dded6146dae48bca962e7c5419c2ea69f8709ae7f2c9355bd178d5d77fb" score = 75 @@ -357696,8 +358307,8 @@ rule SIGNATURE_BASE_Epathobj_Exp64 : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2419-L2438" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2419-L2438" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "09195ba4e25ccce35c188657957c0f2c6a61d083" logic_hash = "dc4073a7d319cffbbce7b3c7b7cf02b007839b72fe14ec1fbdcd3343d57cf7bf" score = 75 
@@ -357725,8 +358336,8 @@ rule SIGNATURE_BASE_Kelloworld_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2440-L2455" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2440-L2455" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "55d5dabd96c44d16e41f70f0357cba1dda26c24f" logic_hash = "a575c30c06bd84196cbf01a9b5ef3a042cf29553610421b019227d30a2c7ad1c" score = 75 @@ -357751,8 +358362,8 @@ rule SIGNATURE_BASE_Hscan_V1_20_Hscan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2457-L2474" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2457-L2474" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "568b06696ea0270ee1a744a5ac16418c8dacde1c" logic_hash = "8e30c366c5d5c34a7b50ba4dec17a46c173196b773fff6965891802bcebeb112" score = 75 
@@ -357779,8 +358390,8 @@ rule SIGNATURE_BASE__Project1_Generate_Rejoice : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2476-L2497" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2476-L2497" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b66bb4d392881468b33a8ee4458f33bfe7a82d34cc3927eedccd54ad94ff6a04" score = 75 quality = 85 @@ -357811,8 +358422,8 @@ rule SIGNATURE_BASE__Hscan_Hscan_Hscangui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2499-L2519" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2499-L2519" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5466c3dd8b2b777186bfab9d0948905eb3692ce05cf4748fb5b7b896dc3cb251" score = 75 quality = 85 
@@ -357842,8 +358453,8 @@ rule SIGNATURE_BASE_Kiwi_Tools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2521-L2554" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2521-L2554" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ce7b3c7d57740257013d9d589444a3b53e81254619bd3f09ece917c70bba03ce" score = 75 quality = 85 @@ -357886,8 +358497,8 @@ rule SIGNATURE_BASE_Kiwi_Tools_Gentil_Kiwi : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cn_hacktools.yar#L2556-L2587" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cn_hacktools.yar#L2556-L2587" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a88bb31e985ae2119b578494ce9130204b41eece5929865c0822cdc82eaba75" score = 75 quality = 85 
@@ -357929,8 +358540,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_1 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L13-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L13-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8ed432fea930eb9b4d695a4a68b833f4324fe0bbea3f0ccac2fe5934bfa1c22" score = 75 quality = 85 @@ -357954,8 +358565,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_2 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L33-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L33-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0c298176e5849b2b202089f27cffb7646243d19a90898bbf079a97d2f624a27e" score = 75 quality = 85 
@@ -357980,8 +358591,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_3 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L53-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L53-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad39864eec58b1c655bd3d510faa314702d118cee845da55d189e7252174eafb" score = 75 quality = 85 @@ -358005,8 +358616,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_4 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L68-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L68-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1889ce1101ebb352c33279d40641f1f2312c45c6f7e267f4912a9faf320e5971" score = 75 quality = 85 
@@ -358042,8 +358653,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_6 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L101-L115" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L101-L115" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ee671bc09cc0c84c9817ed800f1416a75f18a70fd2cf6a7e9f063fffa01fa003" score = 75 quality = 85 @@ -358068,8 +358679,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_7 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L117-L130" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L117-L130" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "115774c17003408a04e4b2678f32392b5439b55f3d4688476f6f877520acf75d" score = 75 quality = 85 
@@ -358091,8 +358702,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_8 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L132-L145" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L132-L145" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1a42667463ff006b155c93b8986ab75441ba00d0c3c146c2d4c6929250627d8d" score = 75 quality = 85 @@ -358115,8 +358726,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_10 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L147-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L147-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14d0ab1114c168d7222a49e68ba12718b6285969e667b95be665d59b1fc98358" score = 75 quality = 85 
@@ -358141,8 +358752,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_11 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L165-L178" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L165-L178" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "847681b3e9d4fc38c483663f5a7e16e7f8f95cfa77728d7316edbe6fbf5fe2c1" score = 75 quality = 85 @@ -358166,8 +358777,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_12 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L180-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L180-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "31798a39d10bfa4520d91e1f555302e9ac4e38d90f8bc27376a5e7e1ccfcc5e1" score = 75 quality = 85 
@@ -358196,8 +358807,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_13 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L203-L215" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L203-L215" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8cc611685a822e0484146a08f4ebc2fa8dd260dc8627929333060696d8dc35ce" score = 75 quality = 85 @@ -358218,8 +358829,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_14 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L217-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L217-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "37515683804e9aa076a588048713b420501b2aaf6b8617501ef550484abd1c03" score = 75 quality = 85 
@@ -358243,8 +358854,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_15 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L233-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L233-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8541231fe1e48d7130aed64eee964f8eda6792b5dd3e708b98e9cc6f1f620cd0" score = 75 quality = 85 @@ -358268,8 +358879,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_16 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L250-L263" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L250-L263" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2d0ee163e7f6f04bfe6941575d0916e18ce2e5c2426e0af326c9567560df3122" score = 75 quality = 85 
@@ -358292,8 +358903,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_17 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L265-L284" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L265-L284" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ca1dc3a03926af15527d2cb95c87457c285891d42a0aa642f49414153bcfc39e" score = 75 quality = 85 @@ -358323,8 +358934,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_18 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L286-L313" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L286-L313" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8ec1a1262874f636906186b569d231d6e3dd97ed6ef5cbddcbaf9f80cee301a0" score = 75 quality = 85 
@@ -358356,8 +358967,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_19 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L315-L332" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L315-L332" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "218c16d1b67e3e80dc7fdaf67a869e92b39744cb336e70761ac960da36c00372" score = 75 quality = 85 @@ -358385,8 +358996,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_20 : FILE date = "2018-05-04" modified = "2023-01-06" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L334-L355" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L334-L355" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e2739a89451a4eba0bae345203dd4c0e26f715bb079830e36c772861fdd0f4de" score = 75 quality = 85 
@@ -358413,8 +359024,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_21 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L357-L376" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L357-L376" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4fdb162575bd108bb35e5c8ed10f7cac7539a15349218222dbb82d8eae8ad4bb" score = 75 quality = 85 @@ -358442,8 +359053,8 @@ rule SIGNATURE_BASE_MAL_Burningumbrella_Sample_22 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L378-L395" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L378-L395" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "af2d7917f54ca365465383484b6d19a941d4801898d162a6d3afa7b7c8491a0f" score = 75 quality = 85 
@@ -358470,8 +359081,8 @@ rule SIGNATURE_BASE_MAL_Airdviper_Sample_Apr18_1 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L398-L422" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L398-L422" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbe1f36320eb9640ffbb6495faf7e5a062c5929d022bb56cbf0ebee810ef4e94" score = 75 quality = 85 @@ -358501,8 +359112,8 @@ rule SIGNATURE_BASE_MAL_Winnti_Sample_May18_1 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L426-L440" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L426-L440" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e235396de278120cbc4700f239c41e7f21e97ba111c07022ae505de540dda2bc" score = 75 quality = 85 
@@ -358527,8 +359138,8 @@ rule SIGNATURE_BASE_MAL_Visel_Sample_May18_1 : FILE date = "2018-05-04" modified = "2023-12-05" reference = "https://401trg.pw/burning-umbrella/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_winnti_burning_umbrella.yar#L442-L460" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_winnti_burning_umbrella.yar#L442-L460" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3200e3224e037a116451b09ce265c1794a05406876376531ac81eb720fcb6945" score = 75 quality = 85 @@ -358553,8 +359164,8 @@ rule SIGNATURE_BASE_ONHAT_Proxy_Hacktool : FILE date = "2016-05-12" modified = "2023-12-05" reference = "https://goo.gl/p32Ozf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_onhat_proxy.yar#L8-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_onhat_proxy.yar#L8-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d8c088ecdedbd74ca174244c407c3bb27ccd082ec515c62ee19c93e0d45d3f3b" score = 100 quality = 85 
@@ -358587,8 +359198,8 @@ rule SIGNATURE_BASE_MAL_Exilerat_Feb19_1 : FILE date = "2019-02-04" modified = "2023-12-05" reference = "https://creativecommons.org/licenses/by-nc/4.0/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_exile_rat.yar#L4-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_exile_rat.yar#L4-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0556bc0dbd33502d5bf823cf265a4e133d9af43076abe35a86cf5e20ab314e35" score = 75 quality = 85 @@ -358615,8 +359226,8 @@ rule SIGNATURE_BASE_MAL_Compromised_Cert_Ducktail_Stealer_Jun23 : FILE date = "2023-06-16" modified = "2023-08-12" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_ducktail_compromised_certs_jun23.yar#L2-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_ducktail_compromised_certs_jun23.yar#L2-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9b7916700359d662e99003727f5293f5a937254ff265c3bc8bb8763e196daa0e" score = 80 quality = 85 
@@ -358657,8 +359268,8 @@ rule SIGNATURE_BASE_SUSP_Certificate_Payload : FILE date = "2018-08-02" modified = "2023-12-05" reference = "https://blog.nviso.be/2018/08/02/powershell-inside-a-certificate-part-3/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_cert_payloads.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_cert_payloads.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "909cf4209bbb876a042d86e017f65ce3764d2fde7a602406ed8531ba97c9fb9b" score = 50 quality = 85 @@ -358680,8 +359291,8 @@ rule SIGNATURE_BASE_Quasar_RAT_Jan18_1 : FILE date = "2018-01-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_quasar_vermin.yar#L11-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_quasar_vermin.yar#L11-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4b2c8695a053a714e97f3e108f0f359d9e49151297a21e460b3201d8f4e72a89" score = 75 quality = 85 
@@ -358712,8 +359323,8 @@ rule SIGNATURE_BASE_Vermin_Keylogger_Jan18_1 : FILE date = "2018-01-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_quasar_vermin.yar#L35-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_quasar_vermin.yar#L35-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a8afe017f32400e1e498d23746f5cb59c3c67f6abefe9b2e36bec81ca82ecfed" score = 75 quality = 85 @@ -358755,8 +359366,8 @@ rule SIGNATURE_BASE_Apt_Backspace : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_backspace.yar#L6-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_backspace.yar#L6-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "6cbfeb7526de65eb2e3c848acac05da1e885636d17c1c45c62ad37e44cd84f99" logic_hash = "6fa86ada5c965bd9c199c2a1cf9b691499a3d423da7db50c8987b6725c0c0f29" score = 75 
@@ -358780,8 +359391,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkside_May21_1 : FILE date = "2021-05-10" modified = "2023-12-05" reference = "https://app.any.run/tasks/020c1740-717a-4191-8917-5819aa25f385/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_darkside.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_darkside.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "84de92b0b36e373aa61e314a04597bd0578a04af34c501ae9071e5f4fa27c07a" score = 75 quality = 85 @@ -358809,8 +359420,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Win_DARKSIDE_V1_1 : FILE date = "2021-03-22" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_darkside.yar#L25-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_darkside.yar#L25-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "1a700f845849e573ab3148daef1a3b0b" logic_hash = "b3612510bd1f2ca7543e217e97037b02d312bcda2b2df16d9be3216749ea4beb" score = 75 
@@ -358832,8 +359443,8 @@ rule SIGNATURE_BASE_MAL_Dropper_Win_Darkside_1 : FILE date = "2021-05-11" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_darkside.yar#L39-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_darkside.yar#L39-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "131b3666ae444e0de043eafdf7cfd3324b927d18d8ad56d5004ea09b2da5610e" score = 75 quality = 79 @@ -358860,8 +359471,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_Win_C3_1 : FILE date = "2021-05-11" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_ransom_darkside.yar#L58-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_ransom_darkside.yar#L58-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "7cdac4b82a7573ae825e5edb48f80be5" logic_hash = "369c54b9426edb449004466d30e1010ecefe8cfbea106306eb8eb90b27610dbf" score = 75 
@@ -358890,8 +359501,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Crime_Dearcry_Mar2021_1 : FILE date = "2021-03-12" modified = "2023-12-05" reference = "https://twitter.com/phillip_misner/status/1370197696280027136" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_dearcry_ransom.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_dearcry_ransom.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e55507475888087c84f9624f82516e8a40aaf59bf2fbea72129a1dd134b28110" score = 75 quality = 85 @@ -358923,8 +359534,8 @@ rule SIGNATURE_BASE_MAL_CRIME_RANSOM_Dearcry_Mar21_1 : FILE date = "2021-03-12" modified = "2023-12-05" reference = "https://twitter.com/phillip_misner/status/1370197696280027136" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/crime_dearcry_ransom.yar#L29-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/crime_dearcry_ransom.yar#L29-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c4af7c29e917078f8658aca68ec95f8a03934f42c81fdd421639437e24f304bc" score = 75 quality = 85 
@@ -358955,8 +359566,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L12-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L12-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4df04daf70da482877874c530a3ad76fddebec2946931b60f98aa6c4e31f21ae" score = 85 quality = 85 @@ -358979,8 +359590,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L28-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L28-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c9bdf38303fadee3e2cfc99b70942a92ab382817a28401e8c8ab8035384c97c1" score = 85 quality = 85 
@@ -359004,8 +359615,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V3 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L45-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L45-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e418620b45bc11804eae24db3cba8421758c214fc9f660a17761bbf3395ad744" score = 85 quality = 85 @@ -359026,8 +359637,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V4 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L60-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L60-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "eb8e4ed38e2e4d3991543c526c7dc458eec78c517d2c5eaa06a3a3cfb48d770f" score = 85 quality = 85 
@@ -359049,8 +359660,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L75-L91" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L75-L91" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9660dfe76bfe1eb17b434f2ddef4975495e952396212c41550d932dbb8e8205" score = 85 quality = 85 @@ -359074,8 +359685,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V7 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L112-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L112-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ff8443460e1818fd63e4dcf678bb592940b32978a70ab1633ebaa61c590d3916" score = 85 quality = 85 
@@ -359096,8 +359707,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L126-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L126-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6708239ea43fd36a7c9431cd2c6c185c0d406d65c4a31374c5e96bdc3e53de43" score = 85 quality = 85 @@ -359118,8 +359729,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V3 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L140-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L140-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ebfedcec6f22d802a9980ad533f21e90b77fe929a813850be1b25304d3973c3b" score = 85 quality = 85 
@@ -359143,8 +359754,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L157-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L157-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b0929b808f62e3c59c0afbe959ebf67a3a985e0a0a72bcb112c9693a98351555" score = 85 quality = 85 @@ -359167,8 +359778,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V6 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L173-L186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L173-L186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "93ce725a8af03d6f08eafe99ff3984e03a434b1f0071c6dbe560bafc3eefb576" score = 85 quality = 85 
@@ -359190,8 +359801,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V7 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L188-L208" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L188-L208" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd65443065f044a2956ae51140423dab202effff5f12dd686f6c4fd54d8a4a0b" score = 85 quality = 85 @@ -359220,8 +359831,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V9 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L210-L236" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L210-L236" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5947dbb08c9d0851b7993e5ccf177f97dcb330d4b390833843f69932c921ce7a" score = 85 quality = 85 
@@ -359255,8 +359866,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V10 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L238-L251" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L238-L251" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "62d47c1076b05bc9a531ef6e48f17f730932826b4b0f311887e3b14c639b937d" score = 85 quality = 85 @@ -359278,8 +359889,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V11 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L253-L267" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L253-L267" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "72b9e4de0389df3a14f92660e91749dea4d31905eb7391163c3503bc953d661f" score = 85 quality = 85 
@@ -359302,8 +359913,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V14 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L269-L293" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L269-L293" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4abb1e1c68ced667f04a69c58c89187f9ccc0633c5dc5f396ba8d210bf405f93" score = 85 quality = 85 @@ -359336,8 +359947,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V15 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L295-L310" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L295-L310" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fac61e80803941193c41ecf8b3fcbee21b5cc41542989ecd93542c32e87da983" score = 85 quality = 85 
@@ -359360,8 +359971,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V16 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L312-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L312-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "638cb66e5ff52ac5a1df0954969e7c54a3b25518228e4f8f344aafe6760985d2" score = 85 quality = 85 @@ -359386,8 +359997,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V17 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L331-L347" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L331-L347" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ea2793e6ce9e9d97e70a9452a38eb4d5ddbcc275af6ae7f5d094dc77e112d278" score = 85 quality = 85 
@@ -359412,8 +360023,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V18 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L349-L376" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L349-L376" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d982b3b1407e140f586772ce409e47bd29e567af41e466cd94d0983c93aab917" score = 85 quality = 85 @@ -359448,8 +360059,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V19 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L378-L404" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L378-L404" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "42bee6ddf0b13774efb6712135c3e0b4eae6364120f8973272820f5f669671d1" score = 85 quality = 85 
@@ -359483,8 +360094,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V20 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L406-L423" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L406-L423" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "72c62a764c5c7c19a07957fd6fbfcffd689900cc2759d408d239fe08a3b76b9c" score = 85 quality = 85 @@ -359509,8 +360120,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V1 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L425-L442" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L425-L442" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4c7b6c76bc10784abf96cc71b34ffc9a9de569fd536505528752221d22b26629" score = 85 quality = 85 
@@ -359536,8 +360147,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L444-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L444-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a658888dcc7b7f4620f08449c6ec492756750e64f15b048f7cdee7de4fc0479" score = 85 quality = 85 @@ -359565,8 +360176,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V3 : FILE date = "2017-02-10" modified = "2021-03-15" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L466-L485" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L466-L485" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "313f837b90bcf09455427e4411acb5406f4dae9d69373d8d2c0cfc014e27ee96" score = 65 quality = 85 
@@ -359590,8 +360201,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L487-L503" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L487-L503" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "51135d9fe62f5fd1fb7ef6c386dcdd86525dd469064662c2314cfee6e952d6ec" score = 85 quality = 85 @@ -359616,8 +360227,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L505-L520" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L505-L520" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd4edd238cdc3d376c1d5bcea6c8df57f4ef03369c0ca22107241812e0a1bb94" score = 85 quality = 85 
@@ -359640,8 +360251,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V3_Alternativerule : HIGHVOL FILE date = "2017-02-12" modified = "2025-07-01" reference = "US CERT Grizzly Steppe Report" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L788-L803" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L788-L803" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "35468f7699b96fcaaaa032eef7dae34ec314e9c652f9f8b2e8ca7343fb5cec50" score = 75 quality = 85 @@ -359666,8 +360277,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V4 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L807-L822" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L807-L822" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49c912f29f5ffbd90366a510285ef3f06c804af86829808c175c8be519ce01c4" score = 85 quality = 85 
@@ -359691,8 +360302,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L824-L838" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L824-L838" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9d4233ccf148919d0ad0be726b9dfa9e26a9afcebb7b26fa4db4c3da8c46d13e" score = 85 quality = 85 @@ -359713,8 +360324,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V7 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L859-L881" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L859-L881" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "27ae70d384488660c1f80040503d3eb6541112fd6332edc5820bc6718d76b847" score = 85 quality = 85 
@@ -359745,8 +360356,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V8 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L883-L911" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L883-L911" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dd072702c59822587d7ede0bc59c5672fbaa9a05595940781554fadb32e109f7" score = 85 quality = 85 @@ -359783,8 +360394,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V9 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L913-L933" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L913-L933" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c0e48bf0839965f9bda9cc475aba5b4934c27c426a8fa4423fb24aa9d792e2e4" score = 85 quality = 77 
@@ -359813,8 +360424,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V10 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L935-L966" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L935-L966" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f22fd45eb77ff1a8202f4bd0d0c43787c8184300e96aff021e13371ae7bd5553" score = 85 quality = 81 @@ -359854,8 +360465,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V11 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L968-L985" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L968-L985" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7bdeddc4334ed6557175b5eefc78d69283d6c91f98970bd0cfe6365b3ab477f4" score = 85 quality = 85 
@@ -359880,8 +360491,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V13 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1011-L1032" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1011-L1032" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "576c07c44105d2a38ca715d366f68058b2b3118f25e91d2d3e2d20e932fc9453" score = 85 quality = 85 @@ -359910,8 +360521,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V1 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1034-L1051" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1034-L1051" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d94192d408036bf02052dc5145b78fea61323810b2abdbba64c65e1f6387ea42" score = 85 quality = 85 
@@ -359937,8 +360548,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V2 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1053-L1192" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1053-L1192" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "43e3df19ecd2068636b92c7a5c0399b22f8fa478e3e1562f392e78c5a268a1e5" score = 85 quality = 60 @@ -360086,8 +360697,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V3 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1194-L1207" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1194-L1207" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aec1314858732d30b62a033e85eea50b3375e4f5b0e1818a941979d5be672297" score = 85 quality = 85 
@@ -360109,8 +360720,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V4 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1209-L1225" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1209-L1225" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "98a08860453496d9629f62c64fed50a24b8378dcfa39b8b654610c2ac9084fa8" score = 85 quality = 85 @@ -360135,8 +360746,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1227-L1243" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1227-L1243" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c60402a029034545df302485c14e9485f806f2bc7d5fd759e84d1ecba9854837" score = 85 quality = 85 
@@ -360159,8 +360770,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1245-L1258" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1245-L1258" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e81e8bcc305b9b7166db85d81278c96edf232bf60040ef15a2376f204ca3046" score = 85 quality = 85 @@ -360181,8 +360792,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V3 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1260-L1275" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1260-L1275" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "833a6a3a4ff8ca43d4cf8053bfd1da49df96d9833dd3fe0f3ffbf6ce6c114681" score = 85 quality = 85 
@@ -360205,8 +360816,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V4 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1277-L1291" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1277-L1291" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f5388668e148223bc94680ea84e83b0f2896ccf433523d171c8f46d7069f9a4b" score = 85 quality = 85 @@ -360228,8 +360839,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1293-L1327" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1293-L1327" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b3ba650818ddbc58ce272ae4851ae3151a8cf1c9cc6f8e234a50b52c95d951fe" score = 85 quality = 85 
@@ -360271,8 +360882,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V6 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1329-L1343" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1329-L1343" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "77b5f95cd897c82c200ee6fa3970824adccfd7c56639d92361095f919781d731" score = 85 quality = 85 @@ -360294,8 +360905,8 @@ rule SIGNATURE_BASE_IMPLANT_7_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1368-L1381" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1368-L1381" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "996f81fe006e0ab15adab46275fdb60251e6c6616da33df600fadfc2684c24af" score = 85 quality = 85 
@@ -360317,8 +360928,8 @@ rule SIGNATURE_BASE_IMPLANT_8_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1383-L1411" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1383-L1411" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "437bda331405f9203747ffbfb107ec26e33973ebfc9f02e153697f7b8c22ad4f" score = 65 quality = 85 @@ -360349,8 +360960,8 @@ rule SIGNATURE_BASE_IMPLANT_9_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1431-L1448" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1431-L1448" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1166ef923d39952f4131a693c58b8bab5dcbe87f6a6b548a706d1fa10a82e22c" score = 85 quality = 85 
@@ -360375,8 +360986,8 @@ rule SIGNATURE_BASE_IMPLANT_10_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1469-L1482" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1469-L1482" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dc201d25b1d6cf8f88ae3bee18057902c4d64316aa9debc9248b0d8aa7f6d170" score = 85 quality = 85 @@ -360398,8 +361009,8 @@ rule SIGNATURE_BASE_Unidentified_Malware_Two date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_grizzlybear_uscert.yar#L1521-L1543" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_grizzlybear_uscert.yar#L1521-L1543" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd9adfb9e27e4d6b27498cc029e15132343f036cca60210528720a533fe20d9a" score = 85 quality = 85 
@@ -360429,8 +361040,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Unit78020_Sep15 : FILE modified = "2023-01-31" old_rule_name = "Unit78020_Malware_Gen1" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unit78020_malware.yar#L8-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unit78020_malware.yar#L8-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "85244d4e2b9e03fa4ab8268ffbedffb839bca598b1e863d3d0b3914294d3ddf0" score = 80 quality = 83 @@ -360477,8 +361088,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_1 : FILE date = "2015-09-24" modified = "2023-12-05" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unit78020_malware.yar#L60-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unit78020_malware.yar#L60-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a93d01f1cc2d18ced2f3b2b78319aadc112f611ab8911ae9e55e13557c1c791a" logic_hash = "589dfb39630fd396b1f8c5d9d0ecccfc058edfd8e74e3bd06d1bfb9f91ad1798" score = 75 
@@ -360506,8 +361117,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_Gen2 : FILE date = "2015-09-24" modified = "2023-12-05" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unit78020_malware.yar#L80-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unit78020_malware.yar#L80-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fd3cb904499a985830543174126761a3cdcff134d61b93b1105a489c00bd042f" score = 75 quality = 85 @@ -360538,8 +361149,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_Gen3 : FILE date = "2015-09-24" modified = "2023-12-05" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_unit78020_malware.yar#L103-L132" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_unit78020_malware.yar#L103-L132" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "304b3f429e144f1f4b0f7794e77f3059ec6b3e5c6fdf4c7b820a77db1cf8cfcb" score = 75 quality = 85 
@@ -360576,8 +361187,8 @@ rule SIGNATURE_BASE_APT_Sidewinder_NET_Loader_Aug_2020_1_1 : FILE date = "2020-08-24" modified = "2023-12-05" reference = "https://twitter.com/ShadowChasing1/status/1297902086747598852" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sidewinder.yar#L4-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sidewinder.yar#L4-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5ee7029143c589f26e6c325e163bfac85507c950f09778bd51ec2bdf4d4263fa" score = 75 quality = 83 @@ -360604,8 +361215,8 @@ rule SIGNATURE_BASE_APT_MAL_Sidewinder_Implant : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://cybersecurity.att.com/blogs/labs-research/a-global-perspective-of-the-sidewinder-apt" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_sidewinder.yar#L24-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_sidewinder.yar#L24-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bfad86dbdc04463e7e4cc126fd05fc9107617a7ea1bd3f283c0e0170862bd59b" score = 75 quality = 85 
@@ -360641,8 +361252,8 @@ rule SIGNATURE_BASE_Susp_Indicators_EXE : FILE date = "2018-01-05" modified = "2023-12-05" reference = "https://pastebin.com/8qaiyPxs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_netwire_rat.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_netwire_rat.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9cb66435b78893daa5583475b14f0df2a5e8612f3aaf5cb02160991ab4d57d1b" score = 60 quality = 85 @@ -360670,8 +361281,8 @@ rule SIGNATURE_BASE_Suspicious_BAT_Strings : FILE date = "2018-01-05" modified = "2023-12-05" reference = "https://pastebin.com/8qaiyPxs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_netwire_rat.yar#L32-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_netwire_rat.yar#L32-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e643a5ef41d084e1b1a20be2c56328b72fedddbbce3c79d1e93cc8cfaa633e12" score = 60 quality = 85 
@@ -360693,8 +361304,8 @@ rule SIGNATURE_BASE_Malicious_BAT_Strings : FILE date = "2018-01-05" modified = "2023-12-05" reference = "https://pastebin.com/8qaiyPxs" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_netwire_rat.yar#L47-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_netwire_rat.yar#L47-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1f39b3fd11e7450eb1eaddeeca60aa4970568efda6053029f85df42e2f9fdd6e" score = 60 quality = 85 @@ -360717,8 +361328,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_1 : FILE date = "2017-10-05" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_freemilk.yar#L13-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_freemilk.yar#L13-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d66feceb01ecdd84345def58270a8788b563c99a7efadf9a3049c5fbbbd15da8" score = 75 quality = 85 
@@ -360750,8 +361361,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_2 : FILE date = "2017-10-05" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_freemilk.yar#L41-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_freemilk.yar#L41-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad2cc04542e93add3e7856574d4de5aa371cc31542f87b1e90d30e12e0149341" score = 75 quality = 85 @@ -360777,8 +361388,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_3 : FILE date = "2017-10-05" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_freemilk.yar#L62-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_freemilk.yar#L62-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "be68f624a2a374525857193d27f0645be5d10c198954dd90350448c3127e4bb5" score = 75 quality = 83 
@@ -360805,8 +361416,8 @@ rule SIGNATURE_BASE_Freemilk_APT_Mal_4 : FILE date = "2017-10-05" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-freemilk-highly-targeted-spear-phishing-campaign/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_freemilk.yar#L80-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_freemilk.yar#L80-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "deedb1da7e3421cd300fceea354a690e22005bab16eb0cc20b46f912393b637d" score = 75 quality = 85 @@ -360835,8 +361446,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_Lazarus_VHD_Ransomware_Oct20_1 : FILE date = "2020-10-05" modified = "2023-12-05" reference = "https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_vhd_ransomware.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_vhd_ransomware.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "95c56c5111bb227da8f8a3f8aa4f23e1348bc76ff76a05fc3cae89f9fad1bb52" score = 75 quality = 85 
@@ -360865,8 +361476,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_Lazarus_VHD_Ransomware_Oct20_2 : FILE date = "2020-10-05" modified = "2023-12-05" reference = "https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_lazarus_vhd_ransomware.yar#L26-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_lazarus_vhd_ransomware.yar#L26-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cf28771a854b3bacc911375c09f6c6bc6ddebff95612a509890c56a5a14e8921" score = 75 quality = 85 @@ -360891,8 +361502,8 @@ rule SIGNATURE_BASE_APT17_Sample_FXSST_DLL : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://goo.gl/ZiJyQv" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_apt17_malware.yar#L10-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_apt17_malware.yar#L10-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "52f1add5ad28dc30f68afda5d41b354533d8bce3" logic_hash = "51d6da6c3ec46dc9e991a6a36de6d79626f1859296cda65e9027951c13aa4cd5" score = 75 
@@ -360925,8 +361536,8 @@ rule SIGNATURE_BASE_Wmimplant date = "2017-03-24" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_wmi_implant.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_wmi_implant.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6422514d25b723e7ab92c1af1301e51d9a93aa41da98791d96c4754a91b5a18e" score = 75 quality = 85 @@ -360954,8 +361565,8 @@ rule SIGNATURE_BASE_Malrtf_Ole2Link : EXPLOIT FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/exploit_rtf_ole2link.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/exploit_rtf_ole2link.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d7ef764a0006b81c2b50699aa1fccb35c7c7da982cb8d56e02097114468e298f" score = 75 quality = 85 
@@ -360981,8 +361592,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Embedded_Worddoc : FILE date = "2023-01-02" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L3-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L3-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5" logic_hash = "a53fbfe0ccb5a4ab2320cde10d17f29770d888cf21cda4fdccc3d7ae8d123293" score = 65 @@ -361007,8 +361618,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Smallscreensize date = "2023-01-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L22-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L22-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "285985c21e34f8412b49dbfe04abad9f93af195801d0a8870ec3795b8a9a3787" score = 65 quality = 85 
@@ -361031,8 +361642,8 @@ rule SIGNATURE_BASE_MAL_Janicab_LNK date = "2023-01-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L46-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L46-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "0c7e8427ee61672568983e51bf03e0bcf6f2e9c01d2524d82677b20264b23a3f" hash = "22ede766fba7551ad0b71ef568d0e5022378eadbdff55c4a02b42e63fcb3b17c" hash = "4920e6506ca557d486e6785cb5f7e4b0f4505709ffe8c30070909b040d3c3840" @@ -361064,8 +361675,8 @@ rule SIGNATURE_BASE_SUSP_ELF_Invalid_Version : FILE date = "2023-01-01" modified = "2023-12-05" reference = "https://tmpout.sh/1/1.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L70-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L70-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "05379bbf3f46e05d385bbd853d33a13e7e5d7d50" logic_hash = "33f096318647867bcd90d7ba77878f43d34477b2b2cbd7410c191e60573d6cd5" score = 55 
@@ -361085,8 +361696,8 @@ rule SIGNATURE_BASE_MAL_ELF_Torchtriton : FILE date = "2023-01-02" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L88-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L88-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "2385b29489cd9e35f92c072780f903ae2e517ed422eae67246ae50a5cc738a0e" logic_hash = "12de3c3785aaf3623097db58abfe8ee2cbd9a0e712bf752165952de9a5fdb07d" score = 75 @@ -361117,8 +361728,8 @@ rule SIGNATURE_BASE_MAL_GOLDBACKDOOR_LNK date = "2023-01-02" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L119-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L119-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5" logic_hash = "043d01758c722964e848e51cf2747c5879f03f0fd43af827e2035abf113daf9d" score = 75 
@@ -361149,8 +361760,8 @@ rule SIGNATURE_BASE_MAL_EXE_Lockbit_V2 : FILE date = "2023-01-01" modified = "2023-01-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L144-L169" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L144-L169" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "00260c390ffab5734208a7199df0e4229a76261c3f5b7264c4515acb8eb9c2f8" logic_hash = "9472727d75e34d8bf87c56b74a6dfc04052e621b5fe31732ea9a10c76a05e0c0" score = 80 @@ -361181,8 +361792,8 @@ rule SIGNATURE_BASE_MAL_EXE_Prestigeransomware : FILE date = "2023-01-04" modified = "2023-01-06" reference = "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L171-L195" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L171-L195" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "5fc44c7342b84f50f24758e39c8848b2f0991e8817ef5465844f5f2ff6085a57" logic_hash = "2f51ca71d28c8d0df8de22011e16919672d5f9d3f3d94594c5d0cbf7f1585a1e" score = 80 
@@ -361211,8 +361822,8 @@ rule SIGNATURE_BASE_MAL_EXE_Royalransomware : FILE date = "2023-01-03" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L197-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L197-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a8384c9e3689eb72fa737b570dbb53b2c3d103c62d46747a96e1e1becf14dfea" logic_hash = "6f93bade7709945b478cbdc721d85ad9243d56ace19fba25835cec13a6210dfb" score = 75 @@ -361243,8 +361854,8 @@ rule SIGNATURE_BASE_MAL_PY_Dimorf date = "2023-01-03" modified = "2023-12-05" reference = "https://github.com/Ort0x36/Dimorf" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_100days_of_yara_2023.yar#L224-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_100days_of_yara_2023.yar#L224-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7499b21f77d07364983b94134a60f7c99e71a5392386437d459a196bf71852fb" score = 75 quality = 85 
@@ -361270,8 +361881,8 @@ rule SIGNATURE_BASE_Equationgroup_Emptycriss : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L15-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L15-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fcfbe4a8a959491dfba9e5d958e43221d83a1e49dcf005872a1b71efb1226d99" score = 75 quality = 85 @@ -361296,8 +361907,8 @@ rule SIGNATURE_BASE_Equationgroup_Scripme : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L32-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L32-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5cffded6563bb3c94868f25e086be8d92837a7656707bf4e6a9e9f375d9ee7e0" score = 75 quality = 85 
@@ -361323,8 +361934,8 @@ rule SIGNATURE_BASE_Equationgroup_Crypttool : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L50-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L50-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ae2d5eda038326376511450e1f5bd2bbf6264d23df013b005b322d70eb6266a0" score = 75 quality = 85 @@ -361348,8 +361959,8 @@ rule SIGNATURE_BASE_Equationgroup_Dumppoppy : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L66-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L66-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b6fb6a3799196375796da6f3a0169246145e668019dd692da67ca6f06d09c3dc" score = 75 quality = 85 
@@ -361374,8 +361985,8 @@ rule SIGNATURE_BASE_Equationgroup_Auditcleaner : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L84-L102" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L84-L102" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "30a6ae9ce7d02c1d945d57eabf29f430ad4cdbc48dba5fe71654efc2c59fde08" score = 75 quality = 85 @@ -361402,8 +362013,8 @@ rule SIGNATURE_BASE_Equationgroup_Reverse_Shell : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L104-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L104-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6dc388fecbf606b19c04626d64f5fe4184f07c2a1597a6f8337aa4a827b2d89b" score = 75 quality = 85 
@@ -361427,8 +362038,8 @@ rule SIGNATURE_BASE_Equationgroup_Tnmunger : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L120-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L120-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ddb957ca9350288d0fa98ba20847a99dcba931b5a03d0ae94cd3409f82f728eb" score = 75 quality = 85 @@ -361452,8 +362063,8 @@ rule SIGNATURE_BASE_Equationgroup_Ys_Ratload : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L136-L151" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L136-L151" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "82d00b7eecdb60911ecd933387eeb2ce4eec9721993beee60247d1273ad3368f" score = 75 quality = 85 
@@ -361478,8 +362089,8 @@ rule SIGNATURE_BASE_Equationgroup_Eh_1_1_0 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L153-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L153-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d0972bb57076606b3c84f3cbbb0be85cd5663c7cd6f6d9f09a2991cb6532bfa9" score = 75 quality = 85 @@ -361504,8 +362115,8 @@ rule SIGNATURE_BASE_Equationgroup_Evolvingstrategy_1_0_1 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L170-L188" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L170-L188" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87d25f1a4ca4a75292ab6cdcd1a79890c4475c2a9b34761ed92988bd517b4497" score = 75 quality = 85 
@@ -361531,8 +362142,8 @@ rule SIGNATURE_BASE_Equationgroup_Toast_V3_2_0 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L190-L205" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L190-L205" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a505eaafb6882e2701fe0a9b8712f85c1073d83291436eeaa7f4c52876d12359" score = 75 quality = 85 @@ -361557,8 +362168,8 @@ rule SIGNATURE_BASE_Equationgroup_Sshobo : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L207-L223" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L207-L223" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "90c892e06ccedb6a3208d728e9f3c27c14bbe1b4c13b63d4a350bbbf38efbe9d" score = 75 quality = 85 
@@ -361584,8 +362195,8 @@ rule SIGNATURE_BASE_Equationgroup_Magicjack_V1_1_0_0_Client_1_1_0_0 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L225-L239" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L225-L239" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "44e853b8d148f84107d29449aa44b2e52226c9d2f397c019aa0f1d347863e388" score = 75 quality = 85 @@ -361609,8 +362220,8 @@ rule SIGNATURE_BASE_Equationgroup_Packrat : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L241-L256" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L241-L256" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7e88e14e0d9c8e8f5ccca3bea78b875bf75fbf0dd54badc339237ca94f0d6373" score = 75 quality = 85 
@@ -361635,8 +362246,8 @@ rule SIGNATURE_BASE_Equationgroup_Telex : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L258-L274" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L258-L274" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9661bc43831307cb04883cfe8e54ebb2fe72bf3d7731b2b483cd19c40a5aeaa9" score = 75 quality = 85 @@ -361662,8 +362273,8 @@ rule SIGNATURE_BASE_Equationgroup_Calserver : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L276-L291" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L276-L291" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "85080074058703a696ac7f978abd8f4d5234f6553c19736fb52375421c4af42b" score = 75 quality = 85 
@@ -361688,8 +362299,8 @@ rule SIGNATURE_BASE_Equationgroup_Porkclient : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L293-L308" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L293-L308" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4de13f1cac8698fc86e44d29143877924aec4e6712415ee6b35810afed8072d6" score = 75 quality = 85 @@ -361714,8 +362325,8 @@ rule SIGNATURE_BASE_Equationgroup_Electricslide : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L310-L326" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L310-L326" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0803b61afc592d4fba523dc54d8f856a557b916a9f6e256efccd50178e8e024c" score = 75 quality = 85 
@@ -361741,8 +362352,8 @@ rule SIGNATURE_BASE_Equationgroup_Libxmexploit2 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L328-L343" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L328-L343" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7bd88d15cca38e91c65e8373194e35ab9492a80eb27b22ad4000e192f2d9b886" score = 75 quality = 85 @@ -361767,8 +362378,8 @@ rule SIGNATURE_BASE_Equationgroup_Wrap_Telnet : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L345-L360" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L345-L360" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa7fda8b95b697bb0541642677579f9db9df379048421481cdb66068032bf681" score = 75 quality = 85 
@@ -361793,8 +362404,8 @@ rule SIGNATURE_BASE_Equationgroup_Elgingamble date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L362-L378" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L362-L378" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e561794d969b6198f71115087db8cc89043f2079252eef22458450e16596b0eb" score = 75 quality = 85 @@ -361820,8 +362431,8 @@ rule SIGNATURE_BASE_Equationgroup_Cmsd : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L380-L397" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L380-L397" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2b9c7ef750c2e45df7839395db51c93204bc9855f5de05bd59c50bb6a964bc8b" score = 75 quality = 85 
@@ -361847,8 +362458,8 @@ rule SIGNATURE_BASE_Equationgroup_Ebbshave : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L399-L415" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L399-L415" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a1a5ddefc646dc55161eb9b2a1b0e4176df7e99660db48b245af3ef9ab0871c" score = 75 quality = 85 @@ -361874,8 +362485,8 @@ rule SIGNATURE_BASE_Equationgroup_Eggbasket : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L417-L432" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L417-L432" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4800d5c820a18d3483dc5c055c0e2f5374ce3b160ecb4d940a00ec4a90ca50d" score = 75 quality = 85 
@@ -361900,8 +362511,8 @@ rule SIGNATURE_BASE_Equationgroup_Jparsescan : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L434-L448" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L434-L448" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d86b6757abb5ad1902e91f100e6a6bea52e6e14684d184b6b8138270484275f4" score = 75 quality = 85 @@ -361925,8 +362536,8 @@ rule SIGNATURE_BASE_Equationgroup_Sambal : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L450-L467" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L450-L467" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6066332b16996a9d8635d3752f46c6529cfc2c94d3d6f0c9791f2068c982bf3e" score = 75 quality = 85 
@@ -361953,8 +362564,8 @@ rule SIGNATURE_BASE_Equationgroup_Pclean_V2_1_1_2 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L469-L483" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L469-L483" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9323ef0c76348d242b010cf0f1c6a1bf5dd120a02418350bb0ed137f468ac624" score = 75 quality = 85 @@ -361978,8 +362589,8 @@ rule SIGNATURE_BASE_Equationgroup_Envisioncollision : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L485-L501" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L485-L501" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8cd8c24b212ca71feb6093682fc614c88790c10d7c7d72dac65b047e5791894a" score = 75 quality = 85 
@@ -362005,8 +362616,8 @@ rule SIGNATURE_BASE_Equationgroup_Cmsex : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L503-L520" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L503-L520" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "997e08a49c5ae82bcc590e5febd449a4d3e9098f5aa154ccc0824b976f0a6365" score = 75 quality = 85 @@ -362033,8 +362644,8 @@ rule SIGNATURE_BASE_Equationgroup_Exze : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L522-L537" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L522-L537" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b8678f58da689be9507a345b6b80ece6cdb7a78d73db339bdc15ad0a66b4a2e6" score = 75 quality = 85 
@@ -362059,8 +362670,8 @@ rule SIGNATURE_BASE_Equationgroup_DUL : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L539-L553" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L539-L553" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "55df9a844352babf0c30075139e2a62cbf9db898280546d27b172e4d611ce1c0" score = 75 quality = 85 @@ -362084,8 +362695,8 @@ rule SIGNATURE_BASE_Equationgroup_Slugger2 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L555-L574" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L555-L574" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c736fdfa96d5e99bc4d093c03a81b8a4f58501ec8c03a2891f9f694d88b5284" score = 75 quality = 85 
@@ -362113,8 +362724,8 @@ rule SIGNATURE_BASE_Equationgroup_Ebbisland : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L576-L594" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L576-L594" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1f4b5054d4239e23146f0764ffe9037b658ecdb9a5f479956c5c45abc1012a17" score = 75 quality = 85 @@ -362142,8 +362753,8 @@ rule SIGNATURE_BASE_Equationgroup_Jackpop : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L596-L614" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L596-L614" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6efc4ccd2727f93713ad35dc1f054fa25e976e8c3d95f00226fbd56d7f1ce30b" score = 75 quality = 85 
@@ -362170,8 +362781,8 @@ rule SIGNATURE_BASE_Equationgroup_Parsescan : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L616-L630" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L616-L630" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "25e0bc21f93cd72814cd6114883ed903af84a62dced126201b6037a476dbd2cd" score = 75 quality = 85 @@ -362195,8 +362806,8 @@ rule SIGNATURE_BASE_Equationgroup_Jscan : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L632-L646" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L632-L646" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d3bbdb90da9fa5b8b41a8b5d35a9b42e4fa15f291146575b0ef22e81441dcbde" score = 75 quality = 85 
@@ -362220,8 +362831,8 @@ rule SIGNATURE_BASE_Equationgroup_Promptkill : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L648-L662" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L648-L662" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7b46161b8cbb9a539171349b3e2a58f8e5a48c344b6d99020b3e96da9c878771" score = 75 quality = 85 @@ -362245,8 +362856,8 @@ rule SIGNATURE_BASE_Equationgroup_Epoxyresin_V1_0_0 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L664-L681" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L664-L681" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c1cbc18f05b299837463aa27a9c47ea0355ca5974b2c6ab1e0a18cc9ad1b26a1" score = 75 quality = 83 
@@ -362272,8 +362883,8 @@ rule SIGNATURE_BASE_Equationgroup_Estopmoonlit : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L683-L699" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L683-L699" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "06293b6f48d2595f3426088cddc4b0c4d1ebc1de90fa640d5b5e806a45a2b6bd" score = 75 quality = 85 @@ -362299,8 +362910,8 @@ rule SIGNATURE_BASE_Equationgroup_Envoytomato : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L701-L715" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L701-L715" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f15b3b4281ec45a7a71c9bf8b88c60befec665f78b76a615c5912a6b7f94235b" score = 75 quality = 85 
@@ -362324,8 +362935,8 @@ rule SIGNATURE_BASE_Equationgroup_Smash : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L717-L732" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L717-L732" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "073496e34dded05be40ee851442f9c0ec998f35e02a5d4221677a195b792f786" score = 75 quality = 85 @@ -362350,8 +362961,8 @@ rule SIGNATURE_BASE_Equationgroup_Ratload : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L734-L749" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L734-L749" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "34298175663a01b26e317c31c720f2f4fe93a5c7e375c9642664479d8672e8cd" score = 75 quality = 85 
@@ -362376,8 +362987,8 @@ rule SIGNATURE_BASE_Equationgroup_Ys : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L751-L766" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L751-L766" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4962cc732ce3dea6dc52c7d91ce94089eb4498ba4c442ecc6363ea75de47de31" score = 75 quality = 85 @@ -362402,8 +363013,8 @@ rule SIGNATURE_BASE_Equationgroup_Ewok : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L768-L784" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L768-L784" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d10d75885daa8cd20e5d7d7e142d1e7a2dbc10a50debf7892629f67b948bbdbe" score = 75 quality = 85 
@@ -362429,8 +363040,8 @@ rule SIGNATURE_BASE_Equationgroup_Xspy : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L786-L799" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L786-L799" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "94ab45d6c94c63c5c9c68ee3d509143af4eb574058c0cd4f26eed8058dbd9213" score = 75 quality = 85 @@ -362453,8 +363064,8 @@ rule SIGNATURE_BASE_Equationgroup_Estesfox date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L801-L814" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L801-L814" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bfbc8ac62dcb61b492b1803de535f51ceb54ac83e45071270a6ef5faeaa521b2" score = 75 quality = 85 
@@ -362477,8 +363088,8 @@ rule SIGNATURE_BASE_Equationgroup_Elatedmonkey_1_0_1_1 : FILE date = "2017-04-08" modified = "2022-08-18" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L816-L832" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L816-L832" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "756337ecb951357c5440ea2fe010982089539c35dc556288d61db6de22348c1f" score = 75 quality = 85 @@ -362503,8 +363114,8 @@ rule SIGNATURE_BASE_Equationgroup_Scanner : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L834-L849" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L834-L849" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b0454fd41d3591fc5811da6407a422b7c28d0b923109cdfa85b337cc7fffb178" score = 75 quality = 85 
@@ -362529,8 +363140,8 @@ rule SIGNATURE_BASE_Equationgroup__Ftshell_Ftshell_V3_10_3_0 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L853-L871" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L853-L871" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1eb7915fd057b2cc5f788ca11b3c71210ce5e7ac29c52790c249490435e62926" score = 75 quality = 85 @@ -362558,8 +363169,8 @@ rule SIGNATURE_BASE_Equationgroup__Scanner_Scanner_V2_1_2 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L873-L892" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L873-L892" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3c42aaacea1347fd64d7f91421f692e77e33e273d4c2e71806ef7f5f086aba11" score = 75 quality = 85 
@@ -362588,8 +363199,8 @@ rule SIGNATURE_BASE_Equationgroup__Ghost_Sparc_Ghost_X86_3 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L894-L912" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L894-L912" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c4ad8e06934c1ece520863951f14cbf86d1bc4bba97aede1d58def1e5c7df4eb" score = 75 quality = 85 @@ -362617,8 +363228,8 @@ rule SIGNATURE_BASE_Equationgroup__Pclean_V2_1_1_Pclean_V2_1_1_4 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L914-L930" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L914-L930" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5622d6fff876fa5d07795491d14f0396378c1b07b69cf8bcabb5e0bd3c19e72a" score = 75 quality = 85 
@@ -362644,8 +363255,8 @@ rule SIGNATURE_BASE_Equationgroup__Jparsescan_Parsescan_5 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L932-L950" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L932-L950" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "719baa53db53f4cc4f3e9ed935814e42e5cb4b7fb8eaaa373feb73df69bfcde0" score = 75 quality = 85 @@ -362673,8 +363284,8 @@ rule SIGNATURE_BASE_Equationgroup__Funnelout_V4_1_0_1 : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L952-L969" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L952-L969" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ae0b387725017de2766593ea55677dca36eee68107e0692a7d5e2526db74765b" score = 75 quality = 85 
@@ -362701,8 +363312,8 @@ rule SIGNATURE_BASE_Equationgroup__Magicjack_V1_1_0_0_Client : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L971-L988" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L971-L988" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5e22b01aa9b1283fa7a326b7c0f8047ed373fac750c89e9ba02c49f0f454e275" score = 75 quality = 85 @@ -362729,8 +363340,8 @@ rule SIGNATURE_BASE_Equationgroup__Ftshell : FILE date = "2017-04-08" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L990-L1007" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L990-L1007" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "84c646b2c81f870f650fafd26471017b00b3b7020e72390f818304958e694572" score = 75 quality = 85 
@@ -362757,8 +363368,8 @@ rule SIGNATURE_BASE_Equationgroup_Store_Linux_I386_V_3_3_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1018-L1033" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1018-L1033" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f284c2fecee23f01f83e0534d7d56a88b102e6dcc02a26321fe246604dc8cb0e" score = 75 quality = 85 @@ -362783,8 +363394,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Genkey : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1035-L1049" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1035-L1049" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c1d823e297b0b1f47f12a3240d59f5ecc482f1140e5b2962f76ec2fff719664a" score = 75 quality = 85 
@@ -362808,8 +363419,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursetingle_2_0_1_2_Mswin32_V_2_0_1 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1051-L1065" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1051-L1065" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bc27edc946beb5065d4fe43e53a33b448c24c7dd3eae0cedd4770c02fce7836b" score = 75 quality = 85 @@ -362833,8 +363444,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursesleepy_Mswin32_V_1_0_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1067-L1082" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1067-L1082" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0dcbf2b314ff9c392ae0cb4f14762dd20c6b85f7f547af683db3aea1c57dee57" score = 75 quality = 85 
@@ -362859,8 +363470,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursehelper_Win2K_I686_V_2_2_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1084-L1100" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1084-L1100" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f6c92fc3540750a1223682b1672575b3a3120f5ebf63190a9b31d7e4e5ce13c7" score = 75 quality = 85 @@ -362885,8 +363496,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Addkey : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1102-L1117" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1102-L1117" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ec5b7499e3c3cc6b581c381ae61a4c987691c0d93dd589a5907fd7419335963a" score = 75 quality = 85 
@@ -362911,8 +363522,8 @@ rule SIGNATURE_BASE_Equationgroup_Noclient_3_3_2 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1119-L1136" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1119-L1136" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "14b1f135da81fd9a071e0f692bc7f1ab6f6f63d7dd05e1557e5c2d51135727b6" score = 75 quality = 85 @@ -362939,8 +363550,8 @@ rule SIGNATURE_BASE_Equationgroup_Curseflower_Mswin32_V_1_0_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1138-L1153" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1138-L1153" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e70954945b3a5e08e5ae216b16702056b403dbf14391276eae1ed13e8273c1ee" score = 75 quality = 85 
@@ -362964,8 +363575,8 @@ rule SIGNATURE_BASE_Equationgroup_Tmpwatch : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1155-L1169" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1155-L1169" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6fab5100f6ee0bf9a4e13e262c8d47e600f5aad64c7e04fe08fa42a5d78c38e8" score = 75 quality = 85 @@ -362989,8 +363600,8 @@ rule SIGNATURE_BASE_Equationgroup_Orleans_Stride_Sunos5_9_V_2_4_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1171-L1186" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1171-L1186" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1380b22e661926ebb2878d89c80e115a58d0bfc060681a55564c97c1e9f36765" score = 75 quality = 85 
@@ -363015,8 +363626,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Noprep : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1188-L1203" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1188-L1203" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c27815333e05d318bc32d01e755386bc1d1dbfd9f2b92a460fbd0f703e9ba210" score = 75 quality = 85 @@ -363041,8 +363652,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursezinger_Linuxrh7_3_V_2_0_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1205-L1221" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1205-L1221" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa56fe4dd44d266741a3f0b0edfc24660b260c1ade45c23171f22bc43a3bee75" score = 75 quality = 85 
@@ -363068,8 +363679,8 @@ rule SIGNATURE_BASE_Equationgroup_Seconddate_Implantstandalone_3_0_3 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1223-L1238" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1223-L1238" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8d56f471104bfb2ef2bf730e5a8b60c123706f12eb52226895b123b16eed2883" score = 75 quality = 85 @@ -363094,8 +363705,8 @@ rule SIGNATURE_BASE_Equationgroup_Watcher_Solaris_I386_V_3_3_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1240-L1256" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1240-L1256" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "61ded97e99e6bdfe2738c6d73719b3182d970aba8ea9d7cab751349669129de2" score = 75 quality = 85 
@@ -363121,8 +363732,8 @@ rule SIGNATURE_BASE_Equationgroup_Gr_Dev_Bin_Now : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1258-L1272" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1258-L1272" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1d7f009c5593ac1b1517024b828b016d705b63f6812a49d909f35c34b936e6d7" score = 75 quality = 85 @@ -363146,8 +363757,8 @@ rule SIGNATURE_BASE_Equationgroup_Gr_Dev_Bin_Post : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1274-L1287" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1274-L1287" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ffd95302df11d1ebab37817e967a1ad4d1e85e62b38a0ccd6adf0f36925e64c1" score = 75 quality = 85 
@@ -363170,8 +363781,8 @@ rule SIGNATURE_BASE_Equationgroup_Curseyo_Win2K_V_1_0_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1289-L1306" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1289-L1306" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ad9bb848a0c4805a14465ff44e3c967c9afa7369536a211a8a1fb100902fbb55" score = 75 quality = 85 @@ -363197,8 +363808,8 @@ rule SIGNATURE_BASE_Equationgroup_Gr : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1308-L1322" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1308-L1322" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6df2a36e51fbe23e090094a91da76ca881a65d7e129c6e428ffef13787f230bc" score = 75 quality = 85 
@@ -363222,8 +363833,8 @@ rule SIGNATURE_BASE_Equationgroup_Curseroot_Win2K_V_2_1_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1324-L1340" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1324-L1340" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "64ea35c9287ed35b5e7fbc8aaa228f87bc003111dd6fc35f5277eeea5f371a2c" score = 75 quality = 85 @@ -363249,8 +363860,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursewham_Curserazor_Cursezinger_Curseroot_Win date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1342-L1362" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1342-L1362" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a5a8e6a516b51c2eed616c80a1162990c1dda4460ec7786793d66820ca15b5a4" score = 75 quality = 85 
@@ -363279,8 +363890,8 @@ rule SIGNATURE_BASE_Equationgroup_Watcher_Linux_I386_V_3_3_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1364-L1381" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1364-L1381" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "245662b561178f4d929ed858811846b2a49dc80af25396864a3d7bd90d16ac2b" score = 75 quality = 85 @@ -363307,8 +363918,8 @@ rule SIGNATURE_BASE_Equationgroup_Charm_Saver_Win2K_V_2_0_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1383-L1399" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1383-L1399" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "87cea1f46a3165485274165e840a4945d6f6a6f9ff7fd011e685e8bb90acae8a" score = 75 quality = 85 
@@ -363333,8 +363944,8 @@ rule SIGNATURE_BASE_Equationgroup_Cursehappy_Win2K_V_6_1_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1401-L1415" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1401-L1415" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3bf5878c3be20a7a543d4937c6d820df726062e39ee262a6c31f7e91b32fd55e" score = 75 quality = 85 @@ -363358,8 +363969,8 @@ rule SIGNATURE_BASE_Equationgroup_Morerats_Client_Store : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1417-L1433" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1417-L1433" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "34dc21d933d56b6f6c342ca110d9cff7bb51d9fd1b88b359861e5b5650679ad0" score = 75 quality = 85 
@@ -363385,8 +363996,8 @@ rule SIGNATURE_BASE_Equationgroup_Watcher_Linux_X86_64_V_3_3_0 : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1435-L1450" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1435-L1450" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "be2ca3791ef1025db6a1dd6bcdf1a9f0b224c3f7585af4546029840251c50094" score = 75 quality = 85 @@ -363411,8 +364022,8 @@ rule SIGNATURE_BASE_Equationgroup_Linux_Exactchange : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1452-L1472" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1452-L1472" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a0bcf5aa1f434fe9698a7408df68870d4908cdf87f22bb4acfedc50bb2c8f11f" score = 75 quality = 85 
@@ -363442,8 +364053,8 @@ rule SIGNATURE_BASE_Equationgroup_X86_Linux_Exactchange : FILE date = "2017-04-09" modified = "2023-12-05" reference = "https://medium.com/@shadowbrokerss/dont-forget-your-base-867d304a94b1" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1474-L1490" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1474-L1490" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9365eb74a364eb83150672919ea1abe635465fe3239fff26ba91037c74971466" score = 75 quality = 85 @@ -363469,8 +364080,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eclipsedwing_Rpcproxy_Pcdlllaunc date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1502-L1519" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1502-L1519" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8a01ea872c161521301182b922ece893f9ad1a33d902ec94963946f3b07d7266" score = 75 quality = 85 
@@ -363497,8 +364108,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Explodingcantouch_1_2_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1521-L1536" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1521-L1536" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9239a61e71c86fc239f75baa9c781da18553e3c502495ad7429eaf3c744e870c" score = 75 quality = 85 @@ -363523,8 +364134,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Architouch_1_0_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1538-L1551" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1538-L1551" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb6959b7b50e6f2895bab5f3355bef836c9a9774285cfb5fea339ce3d2c67f73" score = 75 quality = 85 
@@ -363547,8 +364158,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Erraticgopher_1_0_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1553-L1569" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1553-L1569" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6b099bd202a962e64cb4f417eb7e09893b869e950eb0740394d222e8b4b89283" score = 75 quality = 85 @@ -363574,8 +364185,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Esteemaudit_2_1_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1571-L1585" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1571-L1585" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "272d435758c0021bfd84d84c00eb05ece2461a39d092693b61d362365ab098cd" score = 75 quality = 85 
@@ -363599,8 +364210,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Darkpulsar_1_1_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1587-L1601" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1587-L1601" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "da8e1723da9e2d9955a3042bceb313d7d10903bfc078ba090c1c5a57be243b96" score = 75 quality = 85 @@ -363624,8 +364235,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Educatedscholar_1_0_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1603-L1617" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1603-L1617" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0265ce5dfb5697a0610a6023b75f6e3ef2ef0308f639978a8617337df2e16c77" score = 75 quality = 85 
@@ -363649,8 +364260,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Doublepulsar_1_3_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1619-L1634" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1619-L1634" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1b7ed9dbd4312541bd4d939602f63ce1d909729cce1845b018be6a07a9cb7fe2" score = 75 quality = 85 @@ -363675,8 +364286,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Erraticgophertouch_1_0_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1636-L1651" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1636-L1651" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "08646f7887daddd8efac875bc7b111df7a52feae0a4b81bfd2d2ae7ef9453b5e" score = 75 quality = 85 
@@ -363701,8 +364312,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Smbtouch_1_1_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1653-L1666" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1653-L1666" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5eb9d45dfc47470236923a5b8174bc17733e4333db6f8bbe63c4f4bc913cf26" score = 75 quality = 85 @@ -363725,8 +364336,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Educatedscholartouch_1_0_0 : FIL date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1668-L1682" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1668-L1682" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4c06fad158db8337ff768ad1553401ec31eee6b0d50333ce91a3a12e79d8981a" score = 75 quality = 85 
@@ -363750,8 +364361,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Esteemaudittouch_2_1_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1684-L1698" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1684-L1698" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f4e62ec7a68115d5ff155ea94fb2c99b9177e928533338a111e531c694ff7b8f" score = 75 quality = 85 @@ -363775,8 +364386,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Rpctouch_2_1_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1700-L1714" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1700-L1714" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3ea1f30c0a2c91cc9ca2eec8eaab167c83f4f52c2732d03d1e7fb99e63986662" score = 75 quality = 85 
@@ -363800,8 +364411,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Mofconfig_1_0_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1716-L1729" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1716-L1729" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a922eb01efa52601b72c3d91a26585504fcf706a9ed16a36328f94f5871b0b24" score = 75 quality = 85 @@ -363824,8 +364435,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Easypi_Explodingcan : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1731-L1747" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1731-L1747" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c5978d8cbffde2339cadd84f44d1df24e76f298a2f05bd9a6565246bfae1b1e3" score = 75 quality = 85 
@@ -363851,8 +364462,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eclipsedwingtouch_1_0_4 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1749-L1763" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1749-L1763" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4707dbbb302b9b2192bdd23e4b64e25b5b2f49c3dd7951905a07cb5b54d524d9" score = 75 quality = 85 @@ -363876,8 +364487,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Iistouch_1_2_2 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1765-L1779" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1765-L1779" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f4f5e17d3777d6ae8bfd0646eeffcd631331e4d8966f5124ebc9352438dc790f" score = 75 quality = 85 
@@ -363901,8 +364512,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Namedpipetouch_2_0_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1781-L1800" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1781-L1800" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "63d4395db4672b7a146dbd285e42344fb895b38f67fa9f7885b73855d7211190" score = 75 quality = 85 @@ -363930,8 +364541,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Easybee_1_0_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1802-L1816" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1802-L1816" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e3488a1d686b9ad468553cfe2c939e70ea6b9a21409df8b06bb54418495576ec" score = 75 quality = 85 
@@ -363955,8 +364566,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Regread_1_1_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1818-L1832" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1818-L1832" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5bf833d7fb073ad74037cf6df4729c75d50641a46a962aee8deac19e31b74419" score = 75 quality = 85 @@ -363980,8 +364591,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Englishmansdentist_1_2_0 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1834-L1848" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1834-L1848" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd415731c1c8398d2b0b1758c4e7eb3e708620b269f9312cf0a750ab2099162e" score = 75 quality = 85 
@@ -364005,8 +364616,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Architouch_Eternalsynergy_Smbtou date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1850-L1870" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1850-L1870" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "faeac75104a15cac8528663a82eadbc7bc22cc0a1d1a3b3dfccb6ea46fb24a67" score = 75 quality = 85 @@ -364035,8 +364646,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eternalromance_2 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1872-L1889" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1872-L1889" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "481a08bc73ac66245c0712599a61cccdf5127276a09a67cf894f76b7763c5c9b" score = 75 quality = 85 
@@ -364063,8 +364674,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Emphasismine : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1891-L1910" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1891-L1910" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "20ec32f5e9e439fb212985d5ae104ae5742231f594423cd125a9e64ed6eb234a" score = 75 quality = 85 @@ -364093,8 +364704,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Eternalromance : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1912-L1930" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1912-L1930" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "757740038b9b1e1d099bb208104e9f48e7eb57ffb2de09e83c66df7914b816cb" score = 75 quality = 85 
@@ -364122,8 +364733,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen4 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1932-L1963" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1932-L1963" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "68a85b4109a2222dce0625aae8a55541206b9275236232e5049e5b4ee28d8e52" score = 75 quality = 85 @@ -364163,8 +364774,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1965-L1984" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1965-L1984" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd40d51ba26706517dae332d84f574eb206a424693cfb586375695e364990b5d" score = 75 quality = 85 
@@ -364193,8 +364804,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen2 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L1986-L2012" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L1986-L2012" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2c0833e92e23d595ebcf4af042febc44fba594356a647eb98e48b6fabf018d72" score = 75 quality = 85 @@ -364229,8 +364840,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gen3 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2014-L2042" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2014-L2042" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "99b293d441fd27a6295e6a93123cf45e787472fb61575d566e7b4e0c61226fdb" score = 75 quality = 85 
@@ -364267,8 +364878,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Yak : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2054-L2070" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2054-L2070" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "69b9514508f557376d876262793e5650289abfeeeee8b5ca9beaf42f3ec4d64c" score = 75 quality = 85 @@ -364294,8 +364905,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Aduser_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2072-L2086" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2072-L2086" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d378773f4acd850e5a8d92d6cce84d57f659330edc025565cf4bc34afb0a6ae6" score = 75 quality = 85 
@@ -364319,8 +364930,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Remoteexecute_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2088-L2112" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2088-L2112" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa46cb188ba820199c013633ade72ab1c8bea316384042e9e3b5098c439841a5" score = 75 quality = 85 @@ -364354,8 +364965,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Banner_Implant9X : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2114-L2129" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2114-L2129" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5bda7b8ab097c0a5ca90b05147d4227e5a03735b99633b5081d80d2d72bceba9" score = 75 quality = 85 
@@ -364379,8 +364990,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Greatdoc_Dll_Config : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2131-L2147" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2131-L2147" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "edb14cc9e51bbf6b3ca2c52f841edfa3df1ca89b3e7c1b5a59baf3a13be0fc46" score = 75 quality = 85 @@ -364406,8 +365017,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Scanner : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2149-L2166" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2149-L2166" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7f2ee4ac260b78764573187c501ed27fbfdf573e618f15dbd307177afa670605" score = 75 quality = 85 
@@ -364434,8 +365045,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Mcl_Ntmemory_Std : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2168-L2183" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2168-L2183" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d3c76cf0ca0f798e1ca3c0a1b88c3bb425f1c36439842c4c33247dfcb44a877" score = 75 quality = 85 @@ -364460,8 +365071,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Tacothief : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2185-L2198" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2185-L2198" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "565d94ac0dd65de0926d11ae08ee78f14dcb211ca97c77c39f394fb36890fc6f" score = 75 quality = 85 
@@ -364484,8 +365095,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Ntevt : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2200-L2219" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2200-L2219" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "29572cce9af51adf12db019f885f868fd77ff9034a6944a6286a4d2a0988842a" score = 75 quality = 85 @@ -364512,8 +365123,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Processes_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2221-L2236" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2221-L2236" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e9e26224b7eafc999c9638d4591a45297e3293b0e90e63c2d207ee52848c4ce2" score = 75 quality = 85 
@@ -364538,8 +365149,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_St_Lp : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2238-L2254" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2238-L2254" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "38a48a931856e0eb8e16b7902f5e494b50f8895d4221b5359fc3339d1b52eb8e" score = 75 quality = 85 @@ -364565,8 +365176,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Epwrapper : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2256-L2271" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2256-L2271" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9a1a54cd3fef3db9a20f3be25336fcbabe0d993403f001a04a02b5dbfd629543" score = 75 quality = 85 
@@ -364591,8 +365202,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target_2000 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2273-L2290" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2273-L2290" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dfcd7d928c921dbe7162712ca74a105a938fd9ac675faaaa228d05139b2077de" score = 75 quality = 85 @@ -364618,8 +365229,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dllload_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2292-L2309" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2292-L2309" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab50ad9e01c55b3f40e98e6e2cf77c1ad7d6d6ec81a56bbb2263a6e05912e272" score = 75 quality = 85 
@@ -364645,8 +365256,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_EXPA : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2311-L2327" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2311-L2327" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2aa4ee5b128714cfa7f5d29f7ef110e1b18fb7bc21351444b2472ff74c4139d3" score = 75 quality = 85 @@ -364672,8 +365283,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Remoteexecute_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2329-L2345" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2329-L2345" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3eedb6abb09989784a7dc5e721f9901e936f2c0241967b48858e5e5897b9f24a" score = 75 quality = 85 
@@ -364698,8 +365309,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_DS_Parselogs : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2347-L2362" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2347-L2362" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e4c35476b512378d1e3c7e7e3e9dae16adb0d4de4ecab143d034110836c11d0d" score = 75 quality = 85 @@ -364724,8 +365335,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Oracle_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2364-L2379" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2364-L2379" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "568a5d103527e6fd99bbac8d49a2d667f464fd16d5bf276f98c88c39e129b58b" score = 75 quality = 85 
@@ -364750,8 +365361,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dmgz_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2381-L2395" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2381-L2395" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ae3e0c30c9dbee311d4e5576b1a447ac57f8b1786dc5753246ad3c08ccecb85" score = 75 quality = 85 @@ -364775,8 +365386,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setresourcename : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2397-L2413" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2397-L2413" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e26aac30e06da14060a955761d08e6f543db2f2747be2959b0090f60e6eb52a5" score = 75 quality = 85 
@@ -364802,8 +365413,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Drivers_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2415-L2431" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2415-L2431" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "45190a317f3d293dbc3015873080d1253bfb3298008f5dea69ab1a5780a70721" score = 75 quality = 85 @@ -364828,8 +365439,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Shares_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2433-L2449" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2433-L2449" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "11a1af97d720286a7fadf8b056f8f7add70acb041a828441166f5c74bc7a819d" score = 75 quality = 85 
@@ -364855,8 +365466,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Ntfltmgr : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2451-L2475" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2451-L2475" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9f280baf785f54218cbf47f65419cfe23c687e58021f36b5d116904d2cec9a9b" score = 75 quality = 85 @@ -364889,8 +365500,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target_BH : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2477-L2492" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2477-L2492" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "273e38e287b1597753f653c0ed8300936581a1b767029d3f0ba757de589bcd5a" score = 75 quality = 85 
@@ -364915,8 +365526,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_LP : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2494-L2508" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2494-L2508" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cd7b92f13e0a00d23baef70e38b476b62394106dfa70e831786f398c573aa744" score = 75 quality = 85 @@ -364940,8 +365551,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Remotecommand_Lp : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2510-L2524" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2510-L2524" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "974772264324e7721f51a88534aaa3b4eb1d409e04f673783caf4849d90522de" score = 75 quality = 85 
@@ -364965,8 +365576,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Lp_Mstcp : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2526-L2545" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2526-L2545" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5d1423661f95d955f411414138da45cc4be59b2e6bf8e70f471b8f41fc9ea3f4" score = 75 quality = 83 @@ -364994,8 +365605,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Renamer : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2547-L2561" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2547-L2561" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4941f31be6674499b202a3071d795317e6d97fb19088ea370180708e3d04bca7" score = 75 quality = 85 
@@ -365019,8 +365630,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Exploit : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2563-L2579" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2563-L2579" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6f04ec5d1066b34ebee2504f7d229610e525743f7536d58bf99fc4f89ac6aa3b" score = 75 quality = 85 @@ -365046,8 +365657,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Level3_Gen : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2581-L2600" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2581-L2600" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2ba0f5ada13bd8c71836f26e278c334fdbf2578eac189852befee7a81c07e169" score = 75 quality = 85 
@@ -365075,8 +365686,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Put_Implant9X : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2602-L2618" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2602-L2618" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e79a59e400aac544dc1160d5898e3053f88f7d5bc142440177526187650484e7" score = 75 quality = 85 @@ -365101,8 +365712,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Promiscdetect_Safe : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2620-L2635" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2620-L2635" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4b8c2e9a00af4e6aed7f603dee0439357e3389180fbd2e83d6809e76dc7d0428" score = 75 quality = 85 
@@ -365127,8 +365738,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Packetscan_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2637-L2652" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2637-L2652" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "aa2106d2aad3e81c864181c851574f76f48cd4fe48bb3327135f2956d271dfde" score = 75 quality = 85 @@ -365153,8 +365764,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setports : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2654-L2668" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2654-L2668" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b2c61f6ca2d59d5e596e7c5c87ed3476d957763daeaf41e6f356bacf26415faf" score = 75 quality = 85 
@@ -365178,8 +365789,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Grdo_Filescanner_Implant : FILE date = "2017-04-15" modified = "2023-01-06" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2670-L2686" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2670-L2686" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ae88d27f41dd4888c445c654c919b3862fe3fc8c92aef816b22b2fb408a49cce" score = 75 quality = 85 @@ -365204,8 +365815,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Msgks_Mskgu : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2688-L2704" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2688-L2704" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d3a230d29997ab247db2b7a2a0f369206513a98c16f744e2fb1fca6495d5e36b" score = 75 quality = 85 
@@ -365231,8 +365842,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Ifconfig_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2706-L2722" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2706-L2722" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e88f589bed7830a1be81c85c9eb77b7f5c14bef2f0f1b3be6293aa9c5e870278" score = 75 quality = 85 @@ -365257,8 +365868,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2724-L2739" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2724-L2739" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3ee7a1284e2abd0282606c22b9112bd1af536e5fd48ef27e8d9216da8e1fb1c5" score = 75 quality = 85 
@@ -365283,8 +365894,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dsz_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2741-L2755" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2741-L2755" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3d76131a42aed642a8c54076544488a8d24ec16416469813324541d72e30101b" score = 75 quality = 85 @@ -365308,8 +365919,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Genkey : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2757-L2770" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2757-L2770" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cdaa33645d0ea614891fc0579937e983b8b4f6c4830191518dc8272791dcc8df" score = 75 quality = 85 
@@ -365332,8 +365943,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Wmi_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2772-L2785" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2772-L2785" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "69754b6f26292aa1a457c71d079d934ce75794624c38e9d19c84ceb77a5fb26d" score = 75 quality = 85 @@ -365356,8 +365967,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Clocksvc : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2787-L2807" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2787-L2807" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "04cdd8e4ca9df0231ca66caa8083eff1fe0834cdedc4360fce0a934970a6d162" score = 75 quality = 85 
@@ -365386,8 +365997,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Xxxridearea : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2809-L2825" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2809-L2825" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4d2eeabbb3bb27f46232fe0a43f0ecda9f3589dbe6b08fd4f8aac14f6d12090b" score = 75 quality = 85 @@ -365413,8 +366024,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Yak_Min_Install : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2827-L2842" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2827-L2842" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f224c87c5626fee98dae5b4bbab2b4468bdd126ac63371ede53545d7cb177123" score = 75 quality = 85 
@@ -365439,8 +366050,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setouraddr : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2844-L2858" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2844-L2858" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d49bcef48afeb63b763c88443930f28be1d6f9f27d5f0bd9161d151fa3081868" score = 75 quality = 85 @@ -365464,8 +366075,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Getadmin_LSADUMP_Modifyprivilege date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2860-L2882" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2860-L2882" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ee5c818c29ccb1b280669f7f5e828963c4523b73b68674d8c0aae72189f0208c" score = 75 quality = 85 
@@ -365496,8 +366107,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Sendpktrigger : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2884-L2897" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2884-L2897" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "277367e69406a84ff4ff6b57d05bf97468b0083e23f9c5cd14cdd26cad5846d7" score = 75 quality = 85 @@ -365520,8 +366131,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Dmgz_Target_2 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2899-L2916" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2899-L2916" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab9ab949ee17655e424f6a65d3605e9900d214d1c620e051104762d5c214419f" score = 75 quality = 85 
@@ -365547,8 +366158,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Mstcp32_DXGHLP16_Tdip : FILE date = "2017-04-15" modified = "2023-01-06" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2918-L2938" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2918-L2938" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "35fab86ca4cb287c8046a1764a91523673e12b5729d87c90b0c298dcbfcf86eb" score = 75 quality = 85 @@ -365577,8 +366188,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Regprobe : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2940-L2955" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2940-L2955" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "01e7387c26ae3736c8fac1a3bb6ff283f8b06949af7a4ac36a556b292412bda2" score = 75 quality = 85 
@@ -365603,8 +366214,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Doublefeaturedll_Dll_2 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2957-L2974" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2957-L2974" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0d6751ebfb2541c86b74583b7867de0a193ca106bf77337c8b10f15cdeb596bd" score = 75 quality = 85 @@ -365631,8 +366242,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Gangsterthief_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2976-L2993" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2976-L2993" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c8145d6eedf20cf95baf329a6240b5b740273ff0a7f82edd3c346eb8c67e69e1" score = 75 quality = 85 
@@ -365659,8 +366270,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setcallbackports : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L2995-L3009" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L2995-L3009" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e087534589228ac1af8b8b8d2ebbc1bc99fc25b38cb4c4d840cab8e90e75644a" score = 75 quality = 85 @@ -365684,8 +366295,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Diba_Target_BH_2000 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3011-L3025" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3011-L3025" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0cd3ba351b1c5716ed322c9f177a848322324526f3d39c2be5cc34bc6aee9fa6" score = 75 quality = 85 
@@ -365709,8 +366320,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Rc5 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3027-L3043" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3027-L3043" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6d9ba73fe2a6da99ba44b00bcb5ecf51e983ac245fd5c6e620d35e8120514464" score = 75 quality = 85 @@ -365736,8 +366347,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Level_Generic : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3045-L3075" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3045-L3075" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ddb3441b62b477ab7e3406a22e2a246b60c1d1d25e4acf52ee452a2dfac2daf7" score = 75 quality = 85 
@@ -365776,8 +366387,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Level3_Http_Exe : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3077-L3094" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3077-L3094" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "50d83b157c338830eea6aba2e09e9d513dd5b50e257d1a16c0d51616bfa26a7f" score = 75 quality = 85 @@ -365803,8 +366414,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Parsecapture : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3096-L3111" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3096-L3111" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8946bc6d1812a998757a4032755f37aa2be6121a958ebfb6fec90fa60da038fb" score = 75 quality = 85 
@@ -365829,8 +366440,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Activedirectory_Target : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3113-L3127" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3113-L3127" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0dee634fe81870b21531046be512e9e54b127207c1910ca5ce5dfab63b1d0603" score = 75 quality = 85 @@ -365854,8 +366465,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_PC_Legacy_Dll : HIGHVOL FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3129-L3144" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3129-L3144" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "923a595737bc83fe05d0ca7301c70e1cb03cecf97dfa99f5967b77b892a9a533" score = 75 quality = 85 
@@ -365880,8 +366491,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Svctouch : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3146-L3159" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3146-L3159" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0e876611ffe4740141a0454f68cfc7dd3c46e0fd44deeb9f3e0f66c8fccd3745" score = 75 quality = 85 @@ -365904,8 +366515,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Pwd_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3161-L3176" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3161-L3176" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f565c42781ff4b0b37e7c00673fb2da2877018317cd415bdb47d4e019485c727" score = 75 quality = 85 
@@ -365929,8 +366540,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Kisucomms_Target_2000 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3178-L3198" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3178-L3198" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7d350228ad779d0453c1077afb2b533036eb1e43e4f74a433d68c781db963ab1" score = 75 quality = 85 @@ -365957,8 +366568,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Sldecoder : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3200-L3214" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3200-L3214" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "81a74169dc8f93f314f384bd859df07a4ffaaf430b221b440de922fad3497535" score = 75 quality = 85 
@@ -365982,8 +366593,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Windows_Implant : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3216-L3229" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3216-L3229" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b6b349c98a328b4bbdd6d8718af8477c36ec219bb0076dd56998395d0ef5f32" score = 75 quality = 85 @@ -366006,8 +366617,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Msgkd_Msslu64_Msgki_Mssld : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3231-L3256" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3231-L3256" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f61ce58356ffca197d4a2a4aae43414bcb8f2f284dbee818124dd450f4b50cb9" score = 75 quality = 85 
@@ -366041,8 +366652,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17_Setcallback : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3258-L3272" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3258-L3272" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "63a17dd56874085753cae92f70d6248ceaac6eaea99fda0d3a551e4988a73895" score = 75 quality = 85 @@ -366066,8 +366677,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Doublefeaturereader_Doublefeatu date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3274-L3293" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3274-L3293" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9049e1fe31917ecc27e57afecd5845afcd966aac83d386b7c0995c1e3378a0d0" score = 75 quality = 85 
@@ -366095,8 +366706,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Vtuner_Vtuner_1 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3295-L3315" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3295-L3315" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8c161b36599b11264c31c54b94d6bdba53b3f13d27861ededc9f03bba394b775" score = 75 quality = 85 @@ -366125,8 +366736,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Ecwi_ESKE_EVFR_RPC2_2 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3317-L3336" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3317-L3336" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "73522034c6588fee090eff87602568371562bdbcbe781ee6e152f3b854514690" score = 75 quality = 85 
@@ -366155,8 +366766,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__EAFU_Ecwi_ESKE_EVFR_RPC2_4 : FI date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3338-L3361" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3338-L3361" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed6e0e4e5a0849aad64bbc47c047f3fe388052d0ebe89de0257d4422fb39be21" score = 75 quality = 85 @@ -366188,8 +366799,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Sendcftrigger_Sendpktrigger_6 : date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3363-L3379" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3363-L3379" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4fb290bdf15e0701b6d543e1f978011046abe23e58c790ee1b992a5e0443a271" score = 75 quality = 85 
@@ -366215,8 +366826,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Addresource : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3381-L3398" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3381-L3398" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "e59863ac7f1147cdbc34cbd2b09183487999d9f01974279c7ccc0c5af7a99976" score = 75 quality = 85 @@ -366243,8 +366854,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ESKE_RPC2_8 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3400-L3416" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3400-L3416" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1fa706fb7f138d679421fe6c5b29d6bf93893adc8bffe9dffaafa728c1b2d1d5" score = 75 quality = 85 
@@ -366270,8 +366881,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ETBL_ETRE_10 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3441-L3458" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3441-L3458" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bc30c62da7a7fd9144efef6f44c50552234f372c38c4479a024fbb0ca72530de" score = 75 quality = 85 @@ -366298,8 +366909,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_ETBL_ETRE_EVFR_11 : FI date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3460-L3479" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3460-L3479" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8d43aa4823de248308597bd02cd27e598808b94e1ad7348ddb9e27d8a37ac426" score = 75 quality = 85 
@@ -366328,8 +366939,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_EVFR_Ridearea2_12 : FI date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3481-L3498" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3481-L3498" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0119cd825c02a094ddd76c5cb27bee6cef112f25333eab62017448804b29286e" score = 75 quality = 85 @@ -366356,8 +366967,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_13 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3500-L3516" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3500-L3516" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "0a1859266b859d4da660a7fc7d0015954ff100c39b941b5461ba0c99b5103547" score = 75 quality = 85 
@@ -366383,8 +366994,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__Nameprobe_SMBTOUCH_14 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3518-L3535" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3518-L3535" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c60fc34aa42810a5622fbe53122ded4ffb4ee321fed1badd481ce5c2ae5225ef" score = 75 quality = 85 @@ -366411,8 +367022,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_EVFR_RPC2_15 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3537-L3555" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3537-L3555" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "6c61d17e1a985deb31bd6e1d603283e77df477b52fce9eb8b6cb4e99b2f9c4dc" score = 75 quality = 85 
@@ -366440,8 +367051,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ELV_ESKE_EVFR_16 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3557-L3578" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3557-L3578" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3e6c4e013727bbbf3859374af46553067a9fc782f2eca582ea13d8eab03380ce" score = 75 quality = 85 @@ -366472,8 +367083,8 @@ rule SIGNATURE_BASE_Equationgroup_Toolset_Apr17__ETBL_ETRE_SMBTOUCH_17 : FILE date = "2017-04-15" modified = "2023-12-05" reference = "https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3580-L3597" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3580-L3597" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ef86350732b5064035ff58b63202be29e906d2b566af105f03298e3e339eda52" score = 75 quality = 85 
@@ -366500,8 +367111,8 @@ rule SIGNATURE_BASE_Equationgroup_Scanner_Output : FILE date = "2017-04-17" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_eqgrp_apr17.yar#L3609-L3626" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_eqgrp_apr17.yar#L3609-L3626" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a8ac7e7f14d72798a1f6658eae4c66d871a525c8cb49afa2ca8656047da20524" score = 75 quality = 85 @@ -366529,8 +367140,8 @@ rule SIGNATURE_BASE_Shadowpad_Nssock2 : FILE date = "2017-08-15" modified = "2023-12-05" reference = "https://securelist.com/shadowpad-in-corporate-networks/81432/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_shadowpad.yar#L13-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_shadowpad.yar#L13-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ea9675d5acfdc80cfa787db2c2dfe2169aa7c5e3ead35f020d0b0b664ecb4bf4" score = 75 quality = 85 
@@ -366555,8 +367166,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Adselfservice_CVE_2021_40539_ADSLOG_Sep21 : LOG CVE date = "2021-09-20" modified = "2023-12-05" reference = "https://us-cert.cisa.gov/ncas/alerts/aa21-259a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_adselfservice_cve_2021_40539.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_adselfservice_cve_2021_40539.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "49b7857187c15f48e928747266adca44c227964cef72914616ea269b0e88fe73" score = 70 quality = 85 @@ -366577,8 +367188,8 @@ rule SIGNATURE_BASE_LOG_EXPL_Adselfservice_CVE_2021_40539_Weblog_Sep21_1 : LOG C date = "2021-09-20" modified = "2023-12-05" reference = "https://us-cert.cisa.gov/ncas/alerts/aa21-259a" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_adselfservice_cve_2021_40539.yar#L16-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_adselfservice_cve_2021_40539.yar#L16-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bc27afd63d32ac95711e5b4e70764fe0d1bcbb4b4b9b4e3f324e058bba2ef8f6" score = 60 quality = 85 
@@ -366600,8 +367211,8 @@ rule SIGNATURE_BASE_Sedll_Javascript_Decryptor : FILE date = "2017-10-18" modified = "2023-01-07" reference = "https://goo.gl/MZ7dRg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_leviathan.yar#L11-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_leviathan.yar#L11-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "26ef61d8bb1764dddd951526902fb510fbacc8b808fe99ddee1956dc8b59bd1d" score = 75 quality = 85 @@ -366629,8 +367240,8 @@ rule SIGNATURE_BASE_Leviathan_Cobaltstrike_Sample_1 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/MZ7dRg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_leviathan.yar#L33-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_leviathan.yar#L33-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9ebc8c2f8ddba302e0fbde69e27986236053a3d31c50cf3a2f979a9ebb90907f" score = 75 quality = 85 
@@ -366661,8 +367272,8 @@ rule SIGNATURE_BASE_Mockdll_Gen : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/MZ7dRg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_leviathan.yar#L57-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_leviathan.yar#L57-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cbe7b816199d251bfdc751f46bd95da6f0447ebd56f564619d24eb08bbd4a2c7" score = 75 quality = 85 @@ -366689,8 +367300,8 @@ rule SIGNATURE_BASE_Vbscript_Favicon_File : FILE date = "2017-10-18" modified = "2023-01-06" reference = "https://goo.gl/MZ7dRg" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_leviathan.yar#L77-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_leviathan.yar#L77-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "5b89ea916adf6864c8b1cb7cd7ee6d74ea47bf17a0b03cc513046f8d260ae376" score = 75 quality = 85 
@@ -366716,8 +367327,8 @@ rule SIGNATURE_BASE_MAL_Win_Amadey_Jun25 : FILE date = "2025-06-18" modified = "2025-07-24" reference = "https://0x0d4y.blog/amadey-targeted-analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/mal_win_amadey_jun25.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/mal_win_amadey_jun25.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "08dc17aa8f7e83bc349339a9a1b48184b094d8c66273d7199a15b206c6416946" score = 80 quality = 85 @@ -366745,8 +367356,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_LIBCUE_CVE_2023_43641_Oct23_1 : CVE_2023_43641 FIL date = "2023-10-27" modified = "2023-12-05" reference = "https://github.com/github/securitylab/blob/main/SecurityExploits/libcue/track_set_index_CVE-2023-43641/README.md" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_libcue_cve_2023_43641.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_libcue_cve_2023_43641.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "a2cd3c1b0b3551ffb24bf7704c37c1be6c1a9655c74447d2f7f94540dd0ab188" score = 70 quality = 85 
@@ -366769,8 +367380,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_32 date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_strider.yara#L8-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_strider.yara#L8-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "1cfc43ab15b3d220a636c150315c30f5654e53fad67d20534ce4d5c00295e35e" score = 80 quality = 85 @@ -366791,8 +367402,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_64 date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_strider.yara#L22-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_strider.yara#L22-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "957e5b6afabec3fb1b169dd85d0e950107e219f7dec8ef779a18bd90d9824a97" score = 80 quality = 85 
@@ -366813,8 +367424,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_Parser date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_strider.yara#L36-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_strider.yara#L36-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2f6db962807c07ff1bbe8b53eeb386d7b0ac88f95b76439c0d8b65d597739bdd" score = 80 quality = 85 @@ -366835,8 +367446,8 @@ rule SIGNATURE_BASE_Remsec_Encrypted_Api date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_strider.yara#L50-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_strider.yara#L50-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4f10c24a8480c17c2939fe3fecba2820b22f8a47bc2b2e73ac1080a355025d7c" score = 80 quality = 85 
@@ -366857,8 +367468,8 @@ rule SIGNATURE_BASE_Remsec_Packer_A date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_strider.yara#L64-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_strider.yara#L64-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b46a41686fbf1c63e8a8b583859f23bf789bc9f11ee6b1fb01bb08e602772e76" score = 80 quality = 85 @@ -366879,8 +367490,8 @@ rule SIGNATURE_BASE_Remsec_Packer_B date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_strider.yara#L78-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_strider.yara#L78-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9c63b5934d60b59a33364ef56c913220e59b9798a682a7f97e6755270adf4e4b" score = 80 quality = 85 
@@ -366901,8 +367512,8 @@ rule SIGNATURE_BASE_PUP_Computraceagent : FILE date = "2018-05-01" modified = "2023-12-05" reference = "https://asert.arbornetworks.com/lojack-becomes-a-double-agent/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_fancybear_computrace_agent.yar#L1-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_fancybear_computrace_agent.yar#L1-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "65e964e68be1e286ab3aa39677e250cf5994a7a08d0f6db286c0260cf77d6c48" score = 75 quality = 85 @@ -366925,8 +367536,8 @@ rule SIGNATURE_BASE_APT_Crywiper_Dec22 date = "2022-12-05" modified = "2023-12-05" reference = "https://securelist-ru.translate.goog/novyj-troyanec-crywiper/106114/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/apt_ru_crywiper.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/apt_ru_crywiper.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "7c22e02ed996cd820ed87a0c5d50e3264629cdd887aad4ea466cadeccaee2b2f" score = 75 quality = 85 
@@ -366950,8 +367561,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf : FILE date = "2017-02-09" modified = "2022-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L10-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L10-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4f0eab53a135242c7891b8c88e937a854c945a10000ca4cbf7b21f4596dca410" score = 75 quality = 85 @@ -366973,8 +367584,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_2 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L25-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L25-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8f803a5d71a084e1ea453638bdeaa2dd590a1912be652b74b065d9afd332ffa2" score = 75 quality = 85 
@@ -366999,8 +367610,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Psh date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L42-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L42-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "2e6015e8c91ccd8647e78220d10c2d704867369d962b734bb4522a1213be2f2d" score = 75 quality = 85 @@ -367025,8 +367636,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Exe date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L59-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L59-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "3baa242e90dd845e022785101ebc2d5c0d84007d20aef6a2bb6a9a8c6280d4eb" score = 75 quality = 85 
@@ -367054,8 +367665,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_3 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L79-L102" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L79-L102" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d1aeb97c19365f996dc1bc0fd6e01342878967be25d3e042158eba986af28b4a" score = 75 quality = 83 @@ -367088,8 +367699,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_4 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L104-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L104-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "8e84ef13aa72c7c35520b3534b908c7d00240915ab02f8216a2cef6440c322a2" score = 75 quality = 85 
@@ -367116,8 +367727,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Exe_2 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L123-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L123-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "bd82f496ade1a62e0aee8c8c90cee84377cb90adf11c87652082e74c8c85e568" score = 75 quality = 83 @@ -367143,8 +367754,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_5 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L141-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L141-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb602670329391b091f87818a0f5defaa8f688f7921978510739b96ca63a2f12" score = 75 quality = 85 
@@ -367169,8 +367780,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_6 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L158-L177" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L158-L177" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b9498828a55477049922e50329d0c38ee34b8484562113a2686669ccbb8b3318" score = 75 quality = 85 @@ -367199,8 +367810,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_7 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L179-L194" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L179-L194" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "167d295de5ffc9c88cf72f086fef4514f08cc3b9dd2d93b3ec36acffd6430370" score = 75 quality = 85 
@@ -367225,8 +367836,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_8 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L196-L215" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L196-L215" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "d2b26276843cdfef2d1458ee6c3e2ecea962d1cd42bc21b86ebd03599bebcbc6" score = 75 quality = 85 @@ -367255,8 +367866,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Cmd date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L217-L230" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L217-L230" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ea44b3d00733eb7d4f924ccaece5265fcd90a462acb954a134b5355ecb0621e5" score = 75 quality = 85 
@@ -367279,8 +367890,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_9 : FILE date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L232-L252" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L232-L252" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b5761b51b79f83c48deafaf3786cb90ef493ab0448cd67b86655cecb0160a627" score = 75 quality = 83 @@ -367307,8 +367918,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_10 : FILE date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L254-L269" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L254-L269" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c772fdc40e110ef1287da680dc4ef1718b86856abab4d814ec7bc2ee1e7808ee" score = 75 quality = 85 
@@ -367333,8 +367944,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Svc : FILE date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L271-L285" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L271-L285" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "21c6aa2333335a5822328fb5176ca37060eb401640ed5cc340aefb63685078f4" score = 75 quality = 85 @@ -367358,8 +367969,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_11 date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L287-L302" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L287-L302" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "f003989a99315b42c0c73beaa2928d0187fe92a4bf329912d64fac9f8fc9358c" score = 75 quality = 83 
@@ -367384,8 +367995,8 @@ rule SIGNATURE_BASE_Msfpayloads_Msf_Ref date = "2017-02-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L304-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L304-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ed6e408575b88ff67479ac1b1a2f37c5fad3ec200a446700840ad4245386bfc4" score = 75 quality = 85 @@ -367414,8 +368025,8 @@ rule SIGNATURE_BASE_MAL_Metasploit_Framework_UA : FILE date = "2018-08-16" modified = "2023-12-05" reference = "https://github.com/rapid7/metasploit-framework/commit/12a6d67be48527f5d3987e40cac2a0cbb4ab6ce7" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L325-L339" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L325-L339" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "986fea99735b93aed9dbf72582c009e11a1e7ba19b256902f93312474ef34b4a" score = 65 quality = 85 
@@ -367438,8 +368049,8 @@ rule SIGNATURE_BASE_HKTL_Meterpreter_Inmemory date = "2020-06-29" modified = "2023-04-21" reference = "https://www.reddit.com/r/purpleteamsec/comments/hjux11/meterpreter_memory_indicators_detection_tooling/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_metasploit_payloads.yar#L341-L363" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_metasploit_payloads.yar#L341-L363" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "4b39dbcb276842a1306205cf2e51ce86b6d2aa21353d277df15f4ea3b3d97678" score = 85 quality = 85 @@ -367468,8 +368079,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_1 : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xtreme_rat.yar#L14-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xtreme_rat.yar#L14-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "fa78b43f729032291c27f67dc53bd39a85c9a50323c7adf909ca2a8c5acdd861" score = 75 quality = 85 
@@ -367498,8 +368109,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_2 : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xtreme_rat.yar#L39-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xtreme_rat.yar#L39-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "cb86167e0267d52b1b7503abd8f5b988296e3cde12453ace529c4e043d2ca69e" score = 75 quality = 85 @@ -367523,8 +368134,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_3 : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xtreme_rat.yar#L55-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xtreme_rat.yar#L55-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "c110863028ab1f557270e52de608179ce582a47e0a20994f83d385ed285bda9a" score = 75 quality = 85 
@@ -367549,8 +368160,8 @@ rule SIGNATURE_BASE_Xtreme_RAT_Gen_Imp : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_xtreme_rat.yar#L71-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_xtreme_rat.yar#L71-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "9cfd6473e7f8d1f899fe2cdbb49a4086ea7ac6151602d0964ed28b16d2d0188d" score = 75 quality = 85 @@ -367570,8 +368181,8 @@ rule SIGNATURE_BASE_APT_SAP_Netweaver_Exploitation_Activity_Apr25_1 : SCRIPT CVE date = "2025-04-25" modified = "2025-05-15" reference = "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_sap_netweaver_apr25.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_sap_netweaver_apr25.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "ab6c5e17bba15a3f968bdbe88a8cf4a039c55b6035d91fd3c6b30092be89af5c" score = 70 quality = 85 
@@ -367593,8 +368204,8 @@ rule SIGNATURE_BASE_APT_SAP_Netweaver_Exploitation_Activity_Apr25_2 : SCRIPT CVE date = "2025-04-25" modified = "2025-05-15" reference = "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_sap_netweaver_apr25.yar#L16-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_sap_netweaver_apr25.yar#L16-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "dfc24a4f359e2bc899ab3924bd342c2c6bd8c757b7c1d3859a47f61b9e4039a9" score = 70 quality = 85 @@ -367615,11 +368226,11 @@ rule SIGNATURE_BASE_SUSP_WEBSHELL_Cmd_Indicator_Apr25 date = "2025-04-25" modified = "2025-05-07" reference = "https://regex101.com/r/N6oZ2h/2" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/expl_sap_netweaver_apr25.yar#L29-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/expl_sap_netweaver_apr25.yar#L29-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" logic_hash = "b992786a58389749db40fc90363f00c5df374d514374afc2d6fdff4429cb1ec0" score = 60 - quality = 60 + quality = 85 tags = "" strings: 
@@ -367637,8 +368248,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic : FILE date = "2021-01-14" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L83-L411" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L83-L411" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "bee1b76b1455105d4bfe2f45191071cf05e83a309ae9defcf759248ca9bceddd" hash = "6bf351900a408120bee3fc6ea39905c6a35fe6efcf35d0a783ee92062e63a854" hash = "e3b4e5ec29628791f836e15500f6fdea19beaf3e8d9981c50714656c50d3b365" @@ -367668,7 +368279,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic : FILE hash = "dd5d8a9b4bb406e0b8f868165a1714fe54ffb18e621582210f96f6e5ae850b33" logic_hash = "03c1963ec7a0409970baa98dc3a62f721c092b41d4026475a38b1ef466426b75" score = 70 - quality = -134 + quality = -109 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -367862,8 +368473,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Callback : FILE date = "2021-01-14" modified = "2023-09-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L413-L718" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L413-L718" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "e98889690101b59260e871c49263314526f2093f" hash = "63297f8c1d4e88415bc094bc5546124c9ed8d57aca3a09e36ae18f5f054ad172" hash = "81388c8cc99353cdb42572bb88df7d3bd70eefc748c2fa4224b6074aa8d7e6a2" @@ -367881,7 +368492,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Callback : FILE hash = "487e8c08e85774dfd1f5e744050c08eb7d01c6877f7d03d7963187748339e8c4" logic_hash = "e12dec5252a816c10443fe0e0b40b0b9b4a187b32facd8e09e1f057801da25f9" score = 60 - quality = -153 + quality = -103 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -368079,8 +368690,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Base64_Encoded_Payloads : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L720-L870" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L720-L870" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "88d0d4696c9cb2d37d16e330e236cb37cfaec4cd" hash = "e3b4e5ec29628791f836e15500f6fdea19beaf3e8d9981c50714656c50d3b365" hash = "e726cd071915534761822805724c6c6bfe0fcac604a86f09437f03f301512dc5" @@ -368098,7 +368709,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Base64_Encoded_Payloads : FILE hash = "e2b1dfcfaa61e92526a3a444be6c65330a8db4e692543a421e19711760f6ffe2" logic_hash = "8f606dc3e1e688cca144fe769af50980b4c25fa69b08c67aca8c676a6a060010" score = 75 - quality = -8 + quality = 17 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -368196,8 +368807,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Unknown_1 : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L872-L894" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L872-L894" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "12ce6c7167b33cc4e8bdec29fb1cfc44ac9487d1" hash = "cf4abbd568ce0c0dfce1f2e4af669ad2" logic_hash = "ce2d4c87c001a45febf7eac5474aa0d24ea73067f9154203ef5653bf77e7028f" @@ -368225,8 +368836,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Eval : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L896-L955" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L896-L955" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "a61437a427062756e2221bfb6d58cd62439d09d9" hash = "90c5cc724ec9cf838e4229e5e08955eec4d7bf95" hash = "2b41abc43c5b6c791d4031005bf7c5104a98e98a00ee24620ce3e8e09a78e78f" 
@@ -368248,7 +368859,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Eval : FILE hash = "dd5d8a9b4bb406e0b8f868165a1714fe54ffb18e621582210f96f6e5ae850b33" logic_hash = "4b7759e4761f5897bfb5e576df645a2e99cec4e703fb28d0fc275cf8f8848263" score = 75 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -368282,8 +368893,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Double_Eval_Tiny : FILE date = "2021-01-11" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L957-L1008" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L957-L1008" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "f66fb918751acc7b88a17272a044b5242797976c73a6e54ac6b04b02f61e9761" hash = "6b2f0a3bd80019dea536ddbf92df36ab897dd295840cb15bb7b159d0ee2106ff" hash = "aabfd179aaf716929c8b820eefa3c1f613f8dcac" @@ -368291,7 +368902,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Double_Eval_Tiny : FILE hash = "006620d2a701de73d995fc950691665c0692af11" logic_hash = "cf0405e8a44497574d75291bf86bf9413d9a64140e820f7f5a655fe5302c6918" score = 75 - quality = 17 + quality = 42 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -368321,17 +368932,17 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "f66e337b-8478-5cd3-b01a-81133edaa8e5" date = "2021-01-12" - modified = "2025-07-09" + modified = "2025-09-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/yara/gen_webshells.yar#L1010-L1137" - license_url = "https://github.com/Neo23x0/signature-base/blob/1cfa4a0b2f6be888aa4e12b6dd48e39a5df3939c/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/yara/gen_webshells.yar#L1010-L1139" + license_url = "https://github.com/Neo23x0/signature-base/blob/72d12c2f43c845ceafba3e7011c166df020fb990/LICENSE" hash = "eec9ac58a1e763f5ea0f7fa249f1fe752047fa60" hash = "181a71c99a4ae13ebd5c94bfc41f9ec534acf61cd33ef5bce5fb2a6f48b65bf4" hash = "76d4e67e13c21662c4b30aab701ce9cdecc8698696979e504c288f20de92aee7" hash = "1d0643927f04cb1133f00aa6c5fa84aaf88e5cf14d7df8291615b402e8ab6dc2" - logic_hash = "c23896664a1fa7ccc94d19fb12bb72c00e1db09fd0d09943c01da40bffe100eb" + logic_hash = "d300de628add5912955f4915921dc387bd3ca3e7bf327e3d9f0ae82e3839a3ec" score = 75 - quality = -73 + quality = -23 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -368350,6 +368961,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC : FILE $gfp11 = "(eval (getenv \"EPROLOG\")))" $gfp12 = "ZmlsZV9nZXRfY29udGVudHMoJ2h0dHA6Ly9saWNlbnNlLm9wZW5jYXJ0LWFwaS5jb20vbGljZW5zZS5waHA/b3JkZXJ" $gfp13 = "assert(\\\"" + $gfp14 = "PhutilUTF8TestCase" + $gfp15 = "chr(195).chr(128) => 'A'," $php_short = "
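Review bot: In the `WEBSHELL_PHP_Generic_Callback` hunk at `@@ -367881,7 +368492,7 @@`, `quality` moves from -153 to -103 while `logic_hash` and `modified = "2023-09-18"` are unchanged, so the rule text is the same and only its rating shifted. Nothing in the hunk says why the rating changed; please record the source of the rescoring in the commit description. With `score = 60` and quality still at -103, also confirm that whatever quality cut-off the consumer applies treats this rule the same way as before the update.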
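Review bot: In the `WEBSHELL_PHP_Base64_Encoded_Payloads` hunk at `@@ -368098,7 +368709,7 @@`, `quality` crosses zero (-8 to 17) with an unchanged `logic_hash`. Any loader or report filter that drops negative-quality rules would start emitting this `score = 75` rule after the update, so any expected-output fixtures for PHP samples should be regenerated and the new findings reviewed one by one rather than accepted in bulk.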
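Review bot: The `WEBSHELL_PHP_OBFUSC` metadata hunk at `@@ -368321,17 +368932,17 @@` is the only one in this stretch where `logic_hash` and `modified` change (to `2025-09-22`); the neighbouring hunks only re-pin `source_url` and `license_url` or adjust `quality`. Listing the rules whose `logic_hash` changed in the commit description would let review concentrate on real detection changes. The source range growing from `#L1010-L1137` to `#L1010-L1139` is consistent with the two strings added in the following hunk, but `quality` also jumps from -73 to -23 here, and the hunk does not show how much of that comes from the rule change and how much from rescoring.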
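Review bot: In the `WEBSHELL_PHP_OBFUSC` strings hunk at `@@ -368350,6 +368961,8 @@`, `$gfp14 = "PhutilUTF8TestCase"` and `$gfp15 = "chr(195).chr(128) => 'A',"` extend the existing `$gfp11` to `$gfp13` series, but the condition that consumes them is outside the visible lines, so their effect on matching cannot be verified from this hunk. Please confirm that the samples behind the `hash` values in the rule's metadata still match after the change, and link the upstream commit or issue that explains which benign files prompted the two strings.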